Differential fuzzing for cryptography - https://blog.quarkslab.com/differential-fuzzing-for-cryptography.html
Quarkslab
Differential fuzzing for cryptography - Quarkslab's blog
Following a brief introduction to differential fuzzing, this blog post reviews the leading tools that leverage it for testing cryptographic primitives. In the second half, we present a method for creating a differential fuzzer along with the results we obtained.
Understanding and Improving Coverage Tracking with AFL++ - https://dl.acm.org/doi/pdf/10.1145/3678722.3685537
ACM Conferences
Understanding and Improving Coverage Tracking with AFL++ (Registered Report) | Proceedings of the 3rd ACM International Fuzzing…
Effective Fuzzing: A Dav1d Case Study - https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html
Blogspot
Effective Fuzzing: A Dav1d Case Study
Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero. Late in 2023, while working on a 20% project with Projec...
CVR: The Mines of Kakadûm (Kakadu JPEG 2000 library) - https://bughunters.google.com/blog/6220757425586176/cvr-the-mines-of-kakad-m
Google
Blog: CVR: The Mines of Kakadûm
In this document, Google's Cloud Vulnerability Research team (CVR) presents vulnerabilities in a third-party JPEG 2000 image library called Kakadu. Exploiting memory corruption vulnerabilities typically requires knowledge about the target environment; however…
SockFuzzer v3 is out. (SockFuzzer: XNU Kernel Fuzzing Framework) - https://github.com/googleprojectzero/SockFuzzer
GitHub
GitHub - googleprojectzero/SockFuzzer
Fuzzing confused dependencies with Depfuzzer - https://www.synacktiv.com/publications/fuzzing-confused-dependencies-with-depfuzzer
Synacktiv
Fuzzing confused dependencies with Depfuzzer
Tango: Extracting Higher-Order Feedback through State Inference - https://nebelwelt.net/files/24RAID.pdf
Fuzzing EV charging protocols: A deep dive into electric vehicle charging protocols (V2G) and a FOSS tool to find vulnerabilities in them — all in one research. - https://github.com/Cr0wTom/Conference-Talks/blob/main/2024/TROOPERS24%20-%20V2GEvil%20-%20Ghost%20in%20the%20wires.pdf / https://github.com/khuntpav/V2GEvil
GitHub
Conference-Talks/2024/TROOPERS24 - V2GEvil - Ghost in the wires.pdf at main · Cr0wTom/Conference-Talks
A list of my slides from past conference talks.
SIMurai is software that emulates a SIM card, which helps in fuzzing modem firmware for vulnerabilities or testing SIM spyware. - https://www.usenix.org/system/files/usenixsecurity24_slides-lisowski.pdf / https://github.com/tomasz-lisowski/simurai
FINDING VULNERABILITY VARIANTS AT SCALE - https://blackwinghq.com/blog/posts/finding-vulnerability-variants-at-scale
Blackwinghq
Finding Vulnerability Variants at Scale
Blackwing Intelligence provides high-end security engineering, analysis, and research services for engineering focused organizations
CROWBAR: Natively Fuzzing Trusted Applications Using ARM CoreSight - https://link.springer.com/article/10.1007/s41635-023-00133-3
SpringerLink
CROWBAR: Natively Fuzzing Trusted Applications Using ARM CoreSight
Journal of Hardware and Systems Security - Trusted execution environments (TEE) are deployed on many platforms to provide both confidentiality and integrity, and their extensive use offers a secure...