Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example - https://tsmr.eu/blackbox-fuzzing.html
How to Fuzz Your Way to Android Universal Root: Attacking Android Binder - https://www.youtube.com/watch?v=U-xSM159YLI&list=PLYvhPWR_XYJlg1SfcKdZY6eXUTPPqnh_G&index=9
YouTube
OffensiveCon24 - Eugene Rodionov, Zi Fan Tan and Gulshan Singh
How to Fuzz Your Way to Android Universal Root: Attacking Android Binder
https://www.offensivecon.org/speakers/2024/eugene-rodionov,-zi-fan-tan-and-gulshan-singh.html
Fuzzing embedded systems - Part 1, Introduction - https://blog.sparrrgh.me//fuzzing/embedded/2024/06/05/fuzzing-embedded-systems-1.html
Automated security testing of unexplored targets through feedback-guided fuzzing - https://depositonce.tu-berlin.de/items/c3aaf2ec-8036-4651-a609-9c3b11a7f705
depositonce.tu-berlin.de
Automated security testing of unexplored targets through feedback-guided fuzzing
Fuzzing is an automated method to uncover bugs in software. A fuzzer will generate inputs to a target program and execute the target repeatedly, in rapid succession. These random mutations aim to reach corner cases a human tester will not detect easily. Fuzzing…
Finding mispriced opcodes with fuzzing - https://blog.trailofbits.com/2024/06/17/finding-mispriced-opcodes-with-fuzzing/
The Trail of Bits Blog
Finding mispriced opcodes with fuzzing
Fuzzing—a testing technique that tries to find bugs by repeatedly executing test cases and mutating them—has traditionally been used to detect segmentation faults, buffer overflows, and other memory corruption vulnerabilities that are detectable through crashes.…
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models - https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
Blogspot
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and e...
Lucid - Fuzzer Development 4: Snapshots, Code-Coverage, and Fuzzing - https://h0mbre.github.io/Lucid_Snapshots_Coverage
The Human Machine Interface
Fuzzer Development 4: Snapshots, Code-Coverage, and Fuzzing
Background
IPC Fuzzing with Snapshots - https://blog.mozilla.org/attack-and-defense/2024/06/24/ipc-fuzzing-with-snapshots/
Attack & Defense
IPC Fuzzing with Snapshots
Process separation remains one of the most important parts of the Firefox security model and securing our IPC (Inter-Process Communication) interfaces is crucial to keep privileges in the different processes ...
Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge - https://security.googleblog.com/2024/06/hacking-for-defenders-approaches-to.html
Google Online Security Blog
Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge
Oliver Chang, Jonathan Metzman, OSS-Fuzz and Alex Rebert, Security Engineering The US Defense Advanced Research Projects Agency, DARPA , rec...
🎸We just made a song about Fuzzing! It's called "Fuzzing for Bugs"! 🎶
Of course, this is the music we listen to when finding 0 days. 😄 I might even consider starting an "Offensive" rock band when retiring! 🤘🐛
It's AI-generated using @suno_ai_
https://www.youtube.com/watch?v=W5ahqFfDKrg&feature=youtu.be
YouTube
Fuzzing for Bugs 🎸🤘 AI-generated Rock Song for Security Researcher 😎
Lyrics:
[Verse]
In the code we search and find
Tiny glitches intertwined
Through the bytes we take a spin
Fuzzing makes the errors thin
[Verse 2]
With each cycle tests unfold
In the depths where bugs are bold
Patterns break and flaws appear
Fuzzing shows…
SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing - https://www.mlsec.org/docs/2024c-asiaccs.pdf
Expand the reach of Fuzzing - https://thuanpv.github.io/publications/NUS_Summer_School_Thuan_Pham_Final_Public.pdf
On Understanding and Forecasting Fuzzers Performance with Static Analysis - https://s3.eurecom.fr/docs/ccs24_zhang.pdf
Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 1) - https://secret.club/2024/06/30/ring-around-the-regex-1.html
secret club
Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 1)
Okay, if you’re reading this, you probably know what fuzzing is. As an incredibly reductive summary: fuzzing is an automated, random testing process which tries to explore the state space (e.g., different interpretations of the input or behaviour) of a program…
ARVO: Atlas of Reproducible Vulnerabilities for Open Source Software - https://arxiv.org/pdf/2408.02153
RISCVuzz: Discovering Architectural CPU Vulnerabilities via Differential Hardware Fuzzing - https://ghostwriteattack.com/riscvuzz.pdf
Syzkaller got snapshot-based mode - https://x.com/dvyukov/status/1821543202585022910?t=A5hsdcyoiN48qFNeOUAJoQ&s=03
X (formerly Twitter)
Dmitry Vyukov (@dvyukov) on X
syzkaller, our award-winning kernel fuzzer
https://t.co/fHjR40rzU8
got snapshot-based mode
https://t.co/YIY1gR3617
It's not very fast but based 100% on stock qemu: savevm/loadvm+ivshmem
Significantly improves reproducibility for corpus&crashes but we just…
Fuzzing scripting languages' interpreters' native functions using AFL++ to find memory corruption and more - https://joshua.hu/aflplusplus-fuzzing-scripting-languages-natively
Joshua.Hu Joshua Rogers’ Scribbles
Fuzzing scripting languages’ interpreters’ native functions using AFL++ to find memory corruption and more
Fuzzing applications needs no introduction, and I have written about some interesting problems related to fuzzing in the past [0][1][2][3]. At scale, fuzzing has traditionally focused on compiled binaries and detecting crashes and other memory corruption…