Using LLMs to Generate Fuzz Generators - https://verse.systems/blog/post/2024-03-09-using-llms-to-generate-fuzz-generators/
Toby's Blog
LLMs seem surprisingly good at many things. So much so that not a week goes by without someone coming up with yet another use-case for this technology, often to solve tasks quickly that traditionally …
Fuzzing in the 2020s: Novel Approaches and Solutions - https://www.eurecom.fr/publication/7452/download/sec-publi-7452.pdf
SyzRetrospector: A Large-Scale Retrospective Study of Syzbot - https://arxiv.org/pdf/2401.11642.pdf
Why fuzzing over formal verification? - https://blog.trailofbits.com/2024/03/22/why-fuzzing-over-formal-verification/
The Trail of Bits Blog
We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, "Why fuzzing instead of formal verification?" And the answer is, "It's complicated." We use fuzzing for most of our audits but have used…
Structure-Aware linux kernel Fuzzing with libFuzzer - https://r00tkitsmm.github.io/fuzzing/2024/03/27/libffuzzerkernel.html
My interesting research.
Hi everyone! I'm really happy to tell you about my experimenting adventure today. I decided to experiment with KCOV and see how I can hook it into libfuzzer and boot the kernel without spending too much on building a root file system.
Introducing Ruzzy, a coverage-guided Ruby fuzzer - https://blog.trailofbits.com/2024/03/29/introducing-ruzzy-a-coverage-guided-ruby-fuzzer/ / https://github.com/trailofbits/ruzzy
The Trail of Bits Blog
Trail of Bits is excited to introduce Ruzzy, a coverage-guided fuzzer for pure Ruby code and Ruby C extensions. Fuzzing helps find bugs in software that processes untrusted input. In pure Ruby, these bugs may result in unexpected exceptions that could lead…
ImageIO, the infamous iOS Zero Click Attack Vector. - https://r00tkitsmm.github.io/fuzzing/2024/03/29/iOSImageIO.html
My interesting research.
ImageIO is Apple's Framework that handles image parsing, which exposes 0click attack surface
what the fuzz: Linux mode - https://github.com/0vercl0k/wtf/tree/main/linux_mode
GitHub
wtf/linux_mode at main · 0vercl0k/wtf
wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-m...
Aplos Fuzzer: Aplos an extremely simple fuzzer for Windows binaries - https://github.com/20urc3/Aplos
GitHub
GitHub - 20urc3/Aplos: Aplos an extremely simple fuzzer for Windows binaries.
Aplos an extremely simple fuzzer for Windows binaries. - 20urc3/Aplos
Prompt Fuzzer: open-source tool to help you harden your GenAI applications - https://github.com/prompt-security/ps-fuzz
The Windows Registry Adventure #1: Introduction and research results - https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
Blogspot
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Win...
https://github.com/0xricksanchez/AFL_Runner: AFLPlusPlus command generator to make the best use of multiple cores
GitHub
GitHub - 0xricksanchez/AFL_Runner: Scaling best-practice AFLPlusPlus fuzzing campaigns made easy and more
Scaling best-practice AFLPlusPlus fuzzing campaigns made easy and more - 0xricksanchez/AFL_Runner
Discoveries from Analyzing 141 Real-World ZK-SNARK Vulnerabilities! - https://youtu.be/oxvcEXha69c
YouTube
Join me for a quick review of 'SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs.' We'll discuss the key findings from the paper, focusing on the taxonomy of 141 real-world vulnerabilities in SNARK implementations and providing some…
Your NVMe Had Been Syz'ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller - https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
Cyberark
Following research conducted by a colleague of mine [1] at CyberArk Labs, I better understood NVMe-oF/TCP. This kernel subsystem exposes INET socket(s), which can be a fruitful attack surface for...
https://github.com/user1342/AutoCorpus: AutoCorpus is a tool backed by a large language model (LLM) for automatically generating corpus files for fuzzing.
GitHub
GitHub - user1342/AutoCorpus: AutoCorpus is a tool backed by a large language model (LLM) for automatically generating corpus files…
AutoCorpus is a tool backed by a large language model (LLM) for automatically generating corpus files for fuzzing. - user1342/AutoCorpus
https://github.com/lus33rr/AyedFuzzer: AyedFuzzer is a small Fuzzer with 3 options (File mutating, WinDbg-interactive monitor, multi-processing) for windows executables
GitHub
GitHub - lus33rr/AyedFuzzer: AyedFuzzer is a small File-Format-Fuzzer with 3 options (File-mutating, WinDbg-interactive monitor…
AyedFuzzer is a small File-Format-Fuzzer with 3 options (File-mutating, WinDbg-interactive monitor, multi-processing) for windows executables - lus33rr/AyedFuzzer
Coverage guided fuzzing for native Android libraries (Frida & Radamsa) - https://knifecoat.com/Posts/Coverage+guided+fuzzing+for+native+Android+libraries+(Frida+%26+Radamsa)
KnifeCoat
Intro Recently I have been getting into userland application testing on Android. I want to credit Iddo and Jacob for their excellent course on attacking IM Applications which I took at zer0con. As a …
Large Language Model guided Protocol Fuzzing - https://mboehme.github.io/paper/NDSS24.pdf