Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case - https://blog.talosintelligence.com/fuzzing-ucos-protocol-stacks-part-2/
Cisco Talos Blog
Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case
This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor.
Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver - https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks-part-3/
Cisco Talos Blog
Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver
This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server.
Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example - https://tsmr.eu/blackbox-fuzzing.html
No Peer, no Cry: Network Application Fuzzing via Fault Injection - https://mschloegel.me/paper/bars2024fuzztructionnet.pdf
TROOPERS24: Fuzzing at Mach Speed: Uncovering IPC Vulnerabilities on MacOS - https://www.youtube.com/watch?v=tZmollb8NXk
YouTube
TROOPERS24: Fuzzing at Mach Speed: Uncovering IPC Vulnerabilities on MacOS
Talk by Dillon Franke - June 26th, 2024 at TROOPERS24 IT security conference in Heidelberg, Germany hosted by @ERNW_ITSec
#TROOPERS24 #ITsecurity
https://troopers.de/troopers24/talks/lb9pjt
More impressions:
https://twitter.com/WEareTROOPERS
https://t…
Introducing Java fuzz harness synthesis using LLMs - https://blog.oss-fuzz.com/posts/introducing-java-auto-harnessing/
OSS-Fuzz blog
Introducing Java fuzz harness synthesis using LLMs
Introducing LLM-based harness generation for Java OSS-Fuzz projects.
WuppieFuzz v1.0.0: A coverage-guided REST API fuzzer developed on top of LibAFL - https://github.com/TNO-S3/WuppieFuzz
GitHub
GitHub - TNO-S3/WuppieFuzz: A coverage-guided REST API fuzzer developed on top of LibAFL
A coverage-guided REST API fuzzer developed on top of LibAFL - TNO-S3/WuppieFuzz
Icicle: Icicle is an experimental fuzzing-specific, multi-architecture emulation framework. - https://github.com/icicle-emu/icicle-emu
GitHub
GitHub - icicle-emu/icicle-emu: Core emulator components for Icicle
Core emulator components for Icicle. Contribute to icicle-emu/icicle-emu development by creating an account on GitHub.
Sanitize your C++ containers: ASan annotations step-by-step - https://blog.trailofbits.com/2024/09/10/sanitize-your-c-containers-asan-annotations-step-by-step/
The Trail of Bits Blog
Sanitize your C++ containers: ASan annotations step-by-step
AddressSanitizer (ASan) is a compiler plugin that helps detect memory errors like buffer overflows or use-after-frees. In this post, we explain how to equip your C++ code with ASan annotations to find more bugs. We also show our work on ASan in GCC and LLVM.…
Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing - https://dl.acm.org/doi/10.1145/3663529.3663790
ACM Conferences
Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing | Companion Proceedings of the 32nd ACM International…
Reasons for the unreasonable success of fuzzing - https://docs.google.com/presentation/d/1vw9lywrMnNojiOIu-xU5KXZz7WzE0MYNQF6V7n6vyY8/edit#slide=id.g2768ca7ef44_0_65
Google Docs
The unreasonable success of Fuzzing
Reasons for the unreasonable success of fuzzing Does ML’s “bitter lesson” apply to bug discovery?
Hunting Bugs in Linux Kernel With KASAN: How to Use it & What's the Benefit? - https://slavamoskvin.com/hunting-bugs-in-linux-kernel-with-kasan-how-to-use-it-whats-the-benefit/
FUZZING'24 Keynote: "Is 'AI' useful for fuzzing?" - https://www.youtube.com/watch?v=4BPJXmrdmls
YouTube
FUZZING'24 Keynote: "Is 'AI' useful for fuzzing?" by Brendan Dolan-Gavitt
Abstract: Discussion of AI and its applications to security seems unavoidable nowadays, and, alas, this keynote is no exception. But is it actually useful for problems we care about…
FUZZING'24 Keynote: "Reasons for the Unreasonable Success of Fuzzing" - https://www.youtube.com/watch?v=Jd1hItbf52k
YouTube
FUZZING'24 Keynote: "Reasons for the Unreasonable Success of Fuzzing" by Thomas Dullien
Abstract: The hacker culture of my youth (90s) was a very typical male-centric teenage subculture, with norms and value systems that were at odds with broader society.…
Fuzzing from First Principles - https://zerodayengineering.com/research/slides/FuzzingFromFirstPrinciples.pdf
Securing the software commons: Standards, Automation, and AI for a Resilient Open Source Future - https://drive.google.com/file/d/186iq3Yo8OJaMKLwtANfXgxYKYxcgq3ZR/view / https://www.youtube.com/watch?v=NwI2MkANdtk
YouTube
Keynote: Securing the Software Commons: Standards, Automation, and AI for a Resilie... Abhishek Arya
Keynote: Securing the Software Commons: Standards, Automation, and AI for a Resilient Open Source Future - Abhishek Arya, Principal Engineer, Google Open Source and Supply Chain Security, Google
Open source software forms a critical component of our modern…
LLM-based Fuzz Harness generation with OSS-Fuzz-gen - https://youtu.be/RR7CUyOtYXY?si=AvoF950UA0s7ReaK
YouTube
LLM-based Fuzz Harness generation with OSS-Fuzz-gen
This video is a short introduction on how to use OSS-Fuzz-gen to generate fuzzing harnesses.
Lessons from the buzz: What have we learned from fuzzing the eBPF verifier - https://lpc.events/event/18/contributions/1946/attachments/1473/3119/Lessons%20from%20the%20buzz%20-%20LPC.pdf / https://www.youtube.com/live/mfMbtQYasB0?t=4035s
Google & Arm - Raising The Bar on GPU Security - https://security.googleblog.com/2024/09/google-arm-raising-bar-on-gpu-security.html
Google Online Security Blog
Google & Arm - Raising The Bar on GPU Security
Posted by Xuan Xing, Eugene Rodionov, Jon Bottarini, Adam Bacchus - Android Red Team;
Amit Chaudhary, Lyndon Fawcett, Joseph Artgole - ...
DarthShader: Fuzzing WebGPU Shader Translators & Compilers - https://web3.arxiv.org/pdf/2409.01824