Meta Bug Bounty — Fuzzing “netconsd” for fun and profit - part 1 - https://blog.fadyothman.com/meta-bug-bounty-fuzzing-netconsd-for-fun-and-profit-part-1-6ffe96eb1419
Medium
Hello everyone,
Meta Bug Bounty — Fuzzing “netconsd” for fun and profit — part 2 - https://blog.fadyothman.com/meta-bug-bounty-fuzzing-netconsd-for-fun-and-profit-part-2-52bf188cc877
Medium
Hey Everyone,
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing - https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks-part-1/
Cisco Talos Blog
Any vulnerability in an RTOS has the potential to affect many devices across multiple industries.
Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case - https://blog.talosintelligence.com/fuzzing-ucos-protocol-stacks-part-2/
Cisco Talos Blog
This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor.
Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver - https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks-part-3/
Cisco Talos Blog
This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server.
Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example - https://tsmr.eu/blackbox-fuzzing.html
No Peer, no Cry: Network Application Fuzzing via Fault Injection - https://mschloegel.me/paper/bars2024fuzztructionnet.pdf
TROOPERS24: Fuzzing at Mach Speed: Uncovering IPC Vulnerabilities on MacOS - https://www.youtube.com/watch?v=tZmollb8NXk
YouTube
Talk by Dillon Franke - June 26th, 2024 at TROOPERS24 IT security conference in Heidelberg, Germany hosted by @ERNW_ITSec
#TROOPERS24 #ITsecurity
https://troopers.de/troopers24/talks/lb9pjt
More impressions:
https://twitter.com/WEareTROOPERS
https://t…
Introducing Java fuzz harness synthesis using LLMs - https://blog.oss-fuzz.com/posts/introducing-java-auto-harnessing/
OSS-Fuzz blog
Introducing LLM-based harness generation for Java OSS-Fuzz projects.
WuppieFuzz v1.0.0: A coverage-guided REST API fuzzer developed on top of LibAFL - https://github.com/TNO-S3/WuppieFuzz
GitHub
GitHub - TNO-S3/WuppieFuzz: A coverage-guided REST API fuzzer developed on top of LibAFL
A coverage-guided REST API fuzzer developed on top of LibAFL - TNO-S3/WuppieFuzz
Icicle: Icicle is an experimental fuzzing-specific, multi-architecture emulation framework. - https://github.com/icicle-emu/icicle-emu
GitHub
GitHub - icicle-emu/icicle-emu: Core emulator components for Icicle
Core emulator components for Icicle. Contribute to icicle-emu/icicle-emu development by creating an account on GitHub.
Sanitize your C++ containers: ASan annotations step-by-step - https://blog.trailofbits.com/2024/09/10/sanitize-your-c-containers-asan-annotations-step-by-step/
The Trail of Bits Blog
AddressSanitizer (ASan) is a compiler plugin that helps detect memory errors like buffer overflows or use-after-frees. In this post, we explain how to equip your C++ code with ASan annotations to find more bugs. We also show our work on ASan in GCC and LLVM.…
Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing - https://dl.acm.org/doi/10.1145/3663529.3663790
ACM Conferences
Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing | Companion Proceedings of the 32nd ACM International…
Reasons for the unreasonable success of fuzzing - https://docs.google.com/presentation/d/1vw9lywrMnNojiOIu-xU5KXZz7WzE0MYNQF6V7n6vyY8/edit#slide=id.g2768ca7ef44_0_65
Google Docs
The unreasonable success of Fuzzing
Reasons for the unreasonable success of fuzzing Does ML’s “bitter lesson” apply to bug discovery?
Hunting Bugs in Linux Kernel With KASAN: How to Use it & What's the Benefit? - https://slavamoskvin.com/hunting-bugs-in-linux-kernel-with-kasan-how-to-use-it-whats-the-benefit/
FUZZING'24 Keynote: "Is 'AI' useful for fuzzing?" - https://www.youtube.com/watch?v=4BPJXmrdmls
YouTube
FUZZING'24 Keynote: "Is 'AI' useful for fuzzing?" by Brendan Dolan-Gavitt
Abstract: Discussion of AI and its applications to security seems unavoidable nowadays, and, alas, this keynote is no exception. But is it actually useful for problems we care about…
FUZZING'24 Keynote: "Reasons for the Unreasonable Success of Fuzzing" - https://www.youtube.com/watch?v=Jd1hItbf52k
YouTube
FUZZING'24 Keynote: "Reasons for the Unreasonable Success of Fuzzing" by Thomas Dullien
Abstract: The hacker culture of my youth (90s) was a very typical male-centric teenage subculture, with norms and value systems that were at odds with broader society.…
Fuzzing from First Principles - https://zerodayengineering.com/research/slides/FuzzingFromFirstPrinciples.pdf
Securing the software commons: Standards, Automation, and AI for a Resilient Open Source Future - https://drive.google.com/file/d/186iq3Yo8OJaMKLwtANfXgxYKYxcgq3ZR/view / https://www.youtube.com/watch?v=NwI2MkANdtk
YouTube
Keynote: Securing the Software Commons: Standards, Automation, and AI for a Resilie... Abhishek Arya
Keynote: Securing the Software Commons: Standards, Automation, and AI for a Resilient Open Source Future - Abhishek Arya, Principal Engineer, Google Open Source and Supply Chain Security, Google
Open source software forms a critical component of our modern…
LLM-based Fuzz Harness generation with OSS-Fuzz-gen - https://youtu.be/RR7CUyOtYXY?si=AvoF950UA0s7ReaK
YouTube
This video is a short introduction on how to use OSS-Fuzz-gen to generate fuzzing harnesses.