Fuzzer Development: Sandboxing Syscalls - https://h0mbre.github.io/Lucid_Context_Switching/#
The Human Machine Interface
Fuzzer Development 2: Sandboxing Syscalls
Introduction If you haven’t heard, we’re developing a fuzzer on the blog these days. I don’t even know if “fuzzer” is the right word for what we’re building, it’s almost more like an execution engine that will expose hooks? Anyways, if you missed the first…
Continuously fuzzing Python C extensions - https://blog.trailofbits.com/2024/02/23/continuously-fuzzing-python-c-extensions/
The Trail of Bits Blog
Continuously fuzzing Python C extensions
Deserializing, decoding, and processing untrusted input are telltale signs that your project would benefit from fuzzing. Yes, even Python projects. Fuzzing helps reduce bugs in high-assurance software developed in all programming languages. Fortunately for…
Large Language Model guided Protocol Fuzzing - https://www.ndss-symposium.org/wp-content/uploads/2024-556-paper.pdf
U-Fuzz: Stateful Fuzzing of IoT Protocols on COTS Devices - https://github.com/asset-group/U-Fuzz
GitHub
GitHub - asset-group/U-Fuzz: Towards Universal Fuzzing of IoT Protocols.
Towards Universal Fuzzing of IoT Protocols. Contribute to asset-group/U-Fuzz development by creating an account on GitHub.
Fuzzer Development 3: Building Bochs, MMU, and File I/0 - https://h0mbre.github.io/Loading_Bochs/#
The Human Machine Interface
Fuzzer Development 3: Building Bochs, MMU, and File I/0
Background
snapshot: A Rust WinDbg extension that takes a snapshot of a running VM - https://github.com/0vercl0k/snapshot
GitHub
GitHub - 0vercl0k/snapshot: WinDbg extension written in Rust to dump the CPU / memory state of a running VM
WinDbg extension written in Rust to dump the CPU / memory state of a running VM - 0vercl0k/snapshot
Using LLMs to Generate Fuzz Generators - https://verse.systems/blog/post/2024-03-09-using-llms-to-generate-fuzz-generators/
Toby's Blog
Using LLMs to Generate Fuzz Generators
LLMs seem surprisingly good at many things. So much so that not a week goes by without someone coming up with yet another use-case for this technology, often to solve tasks quickly that traditionally …
Fuzzing in the 2020s: Novel Approaches and Solutions - https://www.eurecom.fr/publication/7452/download/sec-publi-7452.pdf
SyzRetrospector: A Large-Scale Retrospective Study of Syzbot - https://arxiv.org/pdf/2401.11642.pdf
Why fuzzing over formal verification? - https://blog.trailofbits.com/2024/03/22/why-fuzzing-over-formal-verification/
The Trail of Bits Blog
Why fuzzing over formal verification?
We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal verification?” And the answer is, “It’s complicated.” We use fuzzing for most of our audits but have used…
Structure-Aware linux kernel Fuzzing with libFuzzer - https://r00tkitsmm.github.io/fuzzing/2024/03/27/libffuzzerkernel.html
My interesting research.
Structure-Aware linux kernel Fuzzing with libFuzzer
Hi everyone! I’m really happy to tell you about my experimenting adventure today. I decided to experiment with KCOV and see how I can hook it into libfuzzer and boot the kernel without spending too much on building a root file system.
Introducing Ruzzy, a coverage-guided Ruby fuzzer - https://blog.trailofbits.com/2024/03/29/introducing-ruzzy-a-coverage-guided-ruby-fuzzer/ / https://github.com/trailofbits/ruzzy
The Trail of Bits Blog
Introducing Ruzzy, a coverage-guided Ruby fuzzer
Trail of Bits is excited to introduce Ruzzy, a coverage-guided fuzzer for pure Ruby code and Ruby C extensions. Fuzzing helps find bugs in software that processes untrusted input. In pure Ruby, these bugs may result in unexpected exceptions that could lead…
ImageIO, the infamous iOS Zero Click Attack Vector. - https://r00tkitsmm.github.io/fuzzing/2024/03/29/iOSImageIO.html
My interesting research.
ImageIO, the infamous iOS Zero Click Attack Vector.
ImageIO is Apple’s Framework that handles image parsing, which exposes 0click attack surface
what the fuzz: Linux mode - https://github.com/0vercl0k/wtf/tree/main/linux_mode
GitHub
wtf/linux_mode at main · 0vercl0k/wtf
wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-m...
Aplos Fuzzer: Aplos an extremely simple fuzzer for Windows binaries - https://github.com/20urc3/Aplos
GitHub
GitHub - 20urc3/Aplos: Aplos an extremely simple fuzzer for Windows binaries.
Aplos an extremely simple fuzzer for Windows binaries. - 20urc3/Aplos
Prompt Fuzzer: open-source tool to help you harden your GenAI applications - https://github.com/prompt-security/ps-fuzz
The Windows Registry Adventure #1: Introduction and research results - https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
Blogspot
The Windows Registry Adventure #1: Introduction and research results
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Win...
https://github.com/0xricksanchez/AFL_Runner: AFLPlusPlus command generator to make the best use of multiple cores
GitHub
GitHub - 0xricksanchez/AFL_Runner: Scaling best-practice AFLPlusPlus fuzzing campaigns made easy and more
Scaling best-practice AFLPlusPlus fuzzing campaigns made easy and more - 0xricksanchez/AFL_Runner