Notes on fuzzing with AFL when shared libraries can't resolve symbols| haxrob
How the idea for the book Fuzzing Against The Machine started, and the authors' favorite chapters| Eduardo Blázquez’s Personal Webpage
In the last part of my Build simple fuzzer series I promised some topics like patched binaries and performance counters. I even implemented those things but decided that it is fairly repetitive and fundamentally does not introduce anything new. At that point other topics took priority, so I had no clear idea what I should do with the series. Recently I decided to skip over the boring stuff and go straight to the topic that I wanted to reach eventually anyway - native instru...| 128 nops
Process separation remains one of the most important parts of the Firefox security model and securing our IPC (Inter-Process Communication) interfaces is crucial to keep privileges in the different processes separated. Today, we will take a more detailed look at our newest tool for finding vulnerabilities in these interfaces - snapshot fuzzing.| Attack & Defense
In part 1 of my tutorial-style blog post about fuzzing, I discussed how we can instrument macOS KEXTs to collect code coverage at the basic block or edge level.| My interesting research.
Fuzzing closed source IoT firmware binaries with AFL++ in Qemu mode. Fuzzing networked apps often requires desocketing and patching the binary.| Attify Blog - IoT Security, Pentesting and Exploitation
This blog post is a reshare of a personal note I wrote 15 years ago, and I’m sharing it here for nostalgic reasons. Fast forward to 2024, and we now have KASAN integrated into the Windows kernel.| My interesting researches
During our recent fuzzing efforts on various subsystems of the Linux kernel, we encountered a kernel panic. Interestingly, the kernel panic that exposed the vulnerability was not directly related to the input seed generated by our fuzzer. Instead, it was the fuzzer’s activity itself that inadvertently triggered the bug. Although the initial sample generated by the fuzzer didn’t provide a direct proof of concept (PoC), a thorough analysis of the panic log enabled us to develop a PoC for th...| My interesting researches
https://github.com/R00tkitSMM/CVE-2024-27804| My interesting researches
MS15-061 is a Use After Free vulnerability in the Windows kernel. A malicious application can exploit it to execute arbitrary code with kernel privileges.| My interesting researches
ImageIO is Apple’s framework that handles image parsing, which exposes a 0-click attack surface| My interesting researches
Hi everyone! I’m really happy to tell you about my experimenting adventure today. I decided to experiment with KCOV and see how I can hook it into libfuzzer and boot the kernel without spending too much on building a root file system.| My interesting researches
A case study in using AFL++, afl-cov and basic custom harnesses to find a bug in libsoup for a public bug bounty program.| Almond Offensive Security Blog
Introduction to the OSS-Fuzz blog| OSS-Fuzz blog
Enhancing Forge testing with fuzzing and invariant testing for smart contract security.| Sigma Prime
Process separation remains one of the most important parts of the Firefox security model and securing our IPC (Inter-Process Communication) interfaces is crucial to keep privileges in the different processes separated. We take a more detailed look at our newest tool for finding vulnerabilities in these interfaces – snapshot fuzzing.| Mozilla Hacks – the Web developer blog
This post provides tips on how to successfully fuzz network programs with AFL (American Fuzzy Lop)| Random Ramblings
In January Mozilla published a post on their Attack & Defense blog about Effectively Fuzzing the IPC Layer in Firefox. In this post the authors pointed out that testing individual components of complex systems (such as a web browser) in isolation should be extended by full-system testing, for which snapshot fuzzing seems like a promising tool. As I’ve been using KF/x – a snapshot fuzzer based on Xen’s virtual machine introspection capabilities – since its first release, this seemed li...| Silent Signal Techblog
Using Zig allocators to improve the results of fuzz testing| www.ryanliptak.com
A stop-gap solution for fuzzing Zig code| www.ryanliptak.com
Using a fuzz tester to generate test cases for an alternate Lua implementation| www.ryanliptak.com
After the work detailed in part 1, altering the content of the NAND Flash of the Google Home Mini with ease is now possible. Despite this very privileged access, because of Google’s secure boot implementation, running arbitrary code on the CPU of the device isn’t possible using simple and naive methods. However, as we’ll see, there is still a way. This post will detail how I achieved code execution. It will require fuzzing, understanding some Linux code and finally exploiting a kernel b...| Courk's Blog
I blog about random security things; everything is broken, nothing scales, shared memory models are flawed.| Gamozo Labs Blog
So slimy it belongs in the slime tree| Gamozo Labs Blog
Following the adventure of manually discovering network-based vulnerabilities in the Linux kernel, I'm adding ksmbd-fuzzing functionality to the already extensive kernel-fuzzing tool that is Syzkaller.| Pwning Tech