Fuzzing for security vulnerabilities is a strange thing. Throwing randomly generated or mutated data at an application until it crashes sounds like an extremely primitive way to find vulnerabilities, and yet the last decade is full of fuzzing success stories.…

Tutorials, examples, discussions, research proposals, and other resources related to fuzzing - google/fuzzing

A long time ago I went to a small university in New Zealand to get a math degree. It was one of those things that happened mostly through inertia -- like most kids I knew, I wasn't super interested in studying. I signed up for a bunch of classes, but

Learn how teams can leverage the power of GitHub Advanced Security’s code scanning and GitHub Actions to integrate the right security testing tools at the right time.

How did Tavis Ormandy fuzz CPUs to discover Zenbleed? In this video we learn about the techniques to make this work!

Watch part 2: https://www.youtube.com/watch?v=9EY_9KtxyPg

buy my font (advertisement): https://shop.liveoverflow.com/

This video is sponsored…

Posted by Hamzeh Zawawy and Jon Bottarini, Android Security Fuzzing is an effective technique for finding software vulnerabilities. Over ...

In this article we are going to dive into Libprotobuf structure-aware fuzzing to learn how to perform fuzzing against functions that accept only complex data types likes Structures, Classes or other structured data.

Binary, coverage-guided fuzzer for Windows, macOS, Linux and Android - googleprojectzero/Jackalope

A snapshotting, coverage-guided fuzzer for software (UEFI, Kernel, firmware, BIOS) built on SIMICS - intel/tsffs

Large Language Models are already revolutionizing the software development landscape. As hackers we can only do what we've always done, embrace the machine and use it to do our bidding.

There are many valid criticisms of GPT models for writing code like…

Following the adventure of manually discovering network-based vulnerabilities in the Linux kernel, I'm adding ksmbd-fuzzing functionality to the already extensive kernel-fuzzing tool that is Syzkaller.

CI Spark leverages LLMs to automatically detect and configure entry points for dynamic white-box testing. Find out how it works!

Quarkslab conference talks. Contribute to quarkslab/conf-presentations development by creating an account on GitHub.

Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple's Security Engineering and Architecture (SEAR) team. The issue, CVE-2023-4863, was a heap buffer overflow in the WebP image…

In the rapidly changing world of AI and LLM applications, security is paramount. This video provides a deep dive into the OWASP Top 10 vulnerabilities for LLM applications 🤖. We'll cover critical issues like Prompt Injection, Insecure Output Handling, Model…