Hey,
I hope your summer was good! A lot of good fuzzing news/stuff was released during the past 2 months!
📺 Videos/Podcasts
Fuzzing for Bugs 🎸🤘 AI-generated Rock Song for Security Researcher 😎 - https://www.youtube.com/watch?v=W5ahqFfDKrg
📝 Blogposts/Papers/Slides
SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing - https://www.mlsec.org/docs/2024c-asiaccs.pdf
Expand the reach of Fuzzing - https://thuanpv.github.io/publications/NUS_Summer_School_Thuan_Pham_Final_Public.pdf
On Understanding and Forecasting Fuzzers Performance with Static Analysis - https://s3.eurecom.fr/docs/ccs24_zhang.pdf
Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 1) - https://secret.club/2024/06/30/ring-around-the-regex-1.html
ARVO: Atlas of Reproducible Vulnerabilities for Open Source Software - https://arxiv.org/pdf/2408.02153
RISCVuzz: Discovering Architectural CPU Vulnerabilities via Differential Hardware Fuzzing - https://ghostwriteattack.com/riscvuzz.pdf
Fuzzing scripting languages' interpreters' native functions using AFL++ to find memory corruption and more - https://joshua.hu/aflplusplus-fuzzing-scripting-languages-natively
Overcoming State: Finding Baseband Vulnerabilities by Fuzzing Layer-2 - https://i.blackhat.com/BH-US-24/Presentations/US24-Goos-Overcoming-State-Finding-Baseband-Vulnerabilities-Thursday.pdf
Meta Bug Bounty — Fuzzing “netconsd” for fun and profit - part 1 - https://blog.fadyothman.com/meta-bug-bounty-fuzzing-netconsd-for-fun-and-profit-part-1-6ffe96eb1419
Meta Bug Bounty — Fuzzing “netconsd” for fun and profit — part 2 - https://blog.fadyothman.com/meta-bug-bounty-fuzzing-netconsd-for-fun-and-profit-part-2-52bf188cc877
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing - https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks-part-1/
Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case - https://blog.talosintelligence.com/fuzzing-ucos-protocol-stacks-part-2/
Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver - https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks-part-3/
⚙️ Tools/Repositories
Fuzz anything with Program Environment Fuzzing - https://github.com/GJDuck/EnvFuzz
Syzkaller got snapshot-based mode - https://x.com/dvyukov/status/1821543202585022910?t=A5hsdcyoiN48qFNeOUAJoQ&s=03
See you next month and take care!
📡 Fuzzinglabs Socials: Twitter | Telegram | Youtube
Patrick
Hey,
Here is the latest fuzzing news released last month!
📺 Videos/Podcasts
How to Fuzz Your Way to Android Universal Root: Attacking Android Binder - https://www.youtube.com/watch?v=U-xSM159YLI&list=PLYvhPWR_XYJlg1SfcKdZY6eXUTPPqnh_G&index=9
📝 Blogposts/Papers/Slides
Fuzzing embedded systems - Part 1, Introduction - https://blog.sparrrgh.me//fuzzing/embedded/2024/06/05/fuzzing-embedded-systems-1.html
Driving forward in Android drivers - https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html
Automated security testing of unexplored targets through feedback-guided fuzzing - https://depositonce.tu-berlin.de/items/c3aaf2ec-8036-4651-a609-9c3b11a7f705
Finding mispriced opcodes with fuzzing - https://blog.trailofbits.com/2024/06/17/finding-mispriced-opcodes-with-fuzzing/
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models - https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
Lucid - Fuzzer Development 4: Snapshots, Code-Coverage, and Fuzzing - https://h0mbre.github.io/Lucid_Snapshots_Coverage
IPC Fuzzing with Snapshots - https://blog.mozilla.org/attack-and-defense/2024/06/24/ipc-fuzzing-with-snapshots/
Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge - https://security.googleblog.com/2024/06/hacking-for-defenders-approaches-to.html
See you next month and take care!
📡 Fuzzinglabs Socials: Twitter | Telegram | Youtube
Patrick
Hey,
Here is the latest fuzzing news released last month!
📺 Videos/Podcasts
FuzzyAI: Attacking LLMs With Coverage-Guided Fuzzing - https://youtu.be/hBPiiaUiOH8?si=nUE5JHVrdFxgQbR5
Your NVMe Had Been Syz'ed - https://youtu.be/Jc25CM1Ppgo?si=jsz0Beqpr2nJ6h8g
Linux Fuzzing Tutorial with AFL Fuzzer - https://www.youtube.com/watch?v=g6BQ-Ae_E4Q
A Bug Hunter’s Reflections on Fuzzing - https://a13xp0p0v.github.io/img/Alexander_Popov-Reflections_on_Fuzzing.pdf / https://www.youtube.com/watch?v=wTbFmdx7wG8
📝 Blogposts/Papers/Slides
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller - https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
Coverage guided fuzzing for native Android libraries (Frida & Radamsa) - https://knifecoat.com/Posts/Coverage+guided+fuzzing+for+native+Android+libraries+(Frida+%26+Radamsa)
Large Language Model guided Protocol Fuzzing - https://mboehme.github.io/paper/NDSS24.pdf
Talos releases new macOS open-source fuzzer - https://blog.talosintelligence.com/talos-releases-new-macos-fuzzer/
To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux’ Wireless Stacks through VirtIO Devices - https://www.computer.org/csdl/proceedings-article/sp/2024/313000a024/1RjEa0y9RMQ
Everything is Good for Something: Counterexample-Guided Directed Fuzzing via Likely Invariant Inference - https://nebelwelt.net/files/24Oakland2.pdf
Hunting bugs in Nginx JavaScript engine (njs) - https://0xbigshaq.github.io/2024/05/24/njs-vr-bugs/
Introducing LLM-based harness synthesis for unfuzzed projects - https://blog.oss-fuzz.com/posts/introducing-llm-based-harness-synthesis-for-unfuzzed-projects/
TSS @ NUS - Fuzz Testing publications - https://nus-tss.github.io/fuzzing/publications/
Democratizing Fuzzing at Scale - https://drive.google.com/file/d/1lUFIugzEy1eBBWkLDHC_hzRfahZUCZYR/view
Thread on (counter-)intuitive fuzzing behavior and statistics - https://x.com/mboehme_/status/1795828470221820382
Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example - https://tsmr.eu/blackbox-fuzzing.html
⚙️ Tools/Repositories
AutoCorpus: a tool backed by a large language model (LLM) for automatically generating corpus files for fuzzing - https://github.com/user1342/AutoCorpus
AyedFuzzer: a small fuzzer with 3 options (file mutating, WinDbg-interactive monitor, multi-processing) for Windows executables - https://github.com/lus33rr/AyedFuzzer
Cisco-Talos/snap_wtf_macos: WTF snapshot fuzzing of macOS targets - https://github.com/Cisco-Talos/snap_wtf_macos
VirtFuzz: a Linux kernel fuzzer that uses VirtIO to provide inputs to the kernel's subsystems. It is built with LibAFL. - https://github.com/seemoo-lab/VirtFuzz
See you next month and take care!
📡 Fuzzinglabs Socials: Twitter | Telegram | Youtube
Patrick
Hey,
Here is the latest fuzzing news released last month!
📺 Videos/Podcasts
Discoveries from Analyzing 141 Real-World ZK-SNARK Vulnerabilities! 🧐 - https://youtu.be/oxvcEXha69c
📝 Blogposts/Papers/Slides
ImageIO, the infamous iOS Zero Click Attack Vector. - https://r00tkitsmm.github.io/fuzzing/2024/03/29/iOSImageIO.html
The Windows Registry Adventure #1: Introduction and research results - https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
A Basic Guide to AFL QEMU - https://medium.com/@cy1337/a-basic-guide-to-afl-qemu-495df504b5fb
⚙️ Tools/Repositories
what the fuzz: Linux mode - https://github.com/0vercl0k/wtf/tree/main/linux_mode
Aplos Fuzzer: Aplos, an extremely simple fuzzer for Windows binaries - https://github.com/20urc3/Aplos
Prompt Fuzzer: open-source tool to help you harden your GenAI applications - https://github.com/prompt-security/ps-fuzz
AFLPlusPlus command generator to make the best use of multiple cores - https://github.com/0xricksanchez/AFL_Runner
See you next month and take care!
📡 Fuzzinglabs Socials: Twitter | Telegram | Youtube
Patrick
Hey,
Here is the latest fuzzing news released last month!
📝 Blogposts/Papers/Slides
LLVM Fuzzing Audit - https://adalogics.com/blog/llvm-fuzzing-audit
Fuzzer Development 3: Building Bochs, MMU, and File I/O - https://h0mbre.github.io/Loading_Bochs/#
Claude 3 writes a fuzzer - https://gist.github.com/moyix/02029770cb4f7afc2ae91a01b3929118
Using LLMs to Generate Fuzz Generators - https://verse.systems/blog/post/2024-03-09-using-llms-to-generate-fuzz-generators/
Fuzzing in the 2020s: Novel Approaches and Solutions - https://www.eurecom.fr/publication/7452/download/sec-publi-7452.pdf
SyzRetrospector: A Large-Scale Retrospective Study of Syzbot - https://arxiv.org/pdf/2401.11642.pdf
Why fuzzing over formal verification? - https://blog.trailofbits.com/2024/03/22/why-fuzzing-over-formal-verification/
Structure-Aware linux kernel Fuzzing with libFuzzer - https://r00tkitsmm.github.io/fuzzing/2024/03/27/libffuzzerkernel.html
⚙️ Tools/Repositories
snapshot: A Rust WinDbg extension that takes a snapshot of a running VM - https://github.com/0vercl0k/snapshot
Introducing Ruzzy, a coverage-guided Ruby fuzzer - https://blog.trailofbits.com/2024/03/29/introducing-ruzzy-a-coverage-guided-ruby-fuzzer/ / https://github.com/trailofbits/ruzzy
See you next month and take care!
📡 Fuzzinglabs Socials: Twitter | Telegram | Youtube
Patrick
Hey,
We are opening the waiting list for our new online course about Rust Binary Reverse Engineering. Register to be informed when it becomes publicly available.
Here is the latest fuzzing news released last month!
📝 Blogposts/Papers/Slides
SoK: Prudent Evaluation Practices for Fuzzing - https://mschloegel.me/paper/schloegel2024sokfuzzevals.pdf
KernelGPT: Enhanced Kernel Fuzzing via Large Language Models - https://arxiv.org/pdf/2401.00563.pdf
Fuzzer Development: Sandboxing Syscalls - https://h0mbre.github.io/Lucid_Context_Switching/#
Continuously fuzzing Python C extensions - https://blog.trailofbits.com/2024/02/23/continuously-fuzzing-python-c-extensions/
Large Language Model guided Protocol Fuzzing - https://www.ndss-symposium.org/wp-content/uploads/2024-556-paper.pdf
⚙️ Tools/Repositories
oss-fuzz-gen: LLM powered fuzzing via OSS-Fuzz - https://github.com/google/oss-fuzz-gen
Lucid: An educational Bochs-based snapshot fuzzer project - https://github.com/h0mbre/Lucid
U-Fuzz: Stateful Fuzzing of IoT Protocols on COTS Devices - https://github.com/asset-group/U-Fuzz
See you next month and take care!
📡 Fuzzinglabs Socials: Twitter | Telegram | Youtube
Patrick
Hey,
Not that much fuzzing news was released last month!
📺 Videos/Podcasts
Finding The .webp Vulnerability in 8s (Fuzzing with AFL++) - https://www.youtube.com/watch?v=PJLWlmp8CDM
Underutilized Fuzzing Strategies for Modern Software Testing - https://www.youtube.com/watch?v=fMzeIv4U4LI
⚙️ Tools/Repositories
Apple video decoder fuzzing example - https://github.com/googleprojectzero/Jackalope/tree/main/examples/VideoToolbox
SimpleNTSyscallFuzzer: Fuzzer for Windows kernel syscalls - https://github.com/waleedassar/SimpleNTSyscallFuzzer
See you next month and take care!
📡 Fuzzinglabs Socials: Twitter | Telegram | Youtube
Patrick
Hey,
Happy New Year 🎉 and all the best for 2024!
Here is the latest fuzzing news released last month!
📺 Videos/Podcasts
USENIX Security '23 - Forming Faster Firmware Fuzzers - https://www.youtube.com/watch?v=mLnLs6tA7bM
IPFS OSINT & Blockchain CTI: Exploring IPFS Data Collection & Analysis - https://youtu.be/Pp_3t2VV1W0
How to use vulhub - Dockerized Vulnerability Replication - https://www.youtube.com/watch?v=z0W3tfNQ-XQ
Fuzz Everything, Everywhere, All at Once: Advanced QEMU-based fuzzing - slides: https://fahrplan.events.ccc.de/congress/2023/fahrplan/system/event_attachments/attachments/000/004/435/original/aflplusplus-ccc-libafl_emu_%282%29.pdf / video: https://media.ccc.de/v/37c3-12102-fuzz_everything_everywhere_all_at_once
Fuzzing the TCP/IP stack - video: https://media.ccc.de/v/37c3-12235-fuzzing_the_tcp_ip_stack
📝 Blogposts/Papers/Slides
Semantic fuzzing of the Rust compiler and interpreter - https://ethz.ch/content/dam/ethz/special-interest/infk/inst-pls/plf-dam/documents/StudentProjects/MasterTheses/2023-Andy-Thesis.pdf
tmpout vol3 - "silver bullet to elf consumer projects" (fuzzing projects that take ELFs as input) - https://tmpout.sh/3/09.html
Fuzzing WeChat’s Wxam Parser - https://signal-labs.com/fuzzing-wechats-wxam-parser/
A LibAFL Introductory Workshop - https://www.atredis.com/blog/2023/12/4/a-libafl-introductory-workshop
Revisiting Neural Program Smoothing for Fuzzing - https://dl.acm.org/doi/pdf/10.1145/3611643.3616308
Fuzzing: The Age of Vulnerability Discovery - https://fuzzing.io/hushcon23.pdf
Structure-Aware Fuzzing With AFL - https://devilinside.me/blogs/afl-structure-aware-fuzzing-protobuf-mutator
Lost in Translation: A Study of Bugs Introduced by Large Language Models while Translating Code: paper - https://arxiv.org/abs/2308.03109, code - https://github.com/Intelligent-CAT-Lab/PLTranslationEmpirical
⚙️ Tools/Repositories
kudelskisecurity/fuzzomatic: Automatically fuzz Rust projects from scratch using AI - https://github.com/kudelskisecurity/fuzzomatic
tsffs: A snapshotting, coverage-guided fuzzer for software (UEFI, Kernel, firmware, BIOS) built on SIMICS - https://github.com/intel/tsffs
See you next month and take care!
📡 Fuzzinglabs Socials: Twitter | Telegram | Youtube
Patrick
Hey,
🚀 It's the last week to use a 10% discount on all our online courses using the BLACKFRIDAY23 code 🎓
Don't miss out on this opportunity to enhance your fuzzing and reversing skills at a great price ;)
Here is the latest fuzzing news released last month!
📺 Videos/Podcasts
Open source fuzzing introspection - https://www.youtube.com/watch?v=RLoLfo2V2HI
HEXACON2023 - A Year Fuzzing XNU Mach IPC by Nguyen Vu Hoang - https://www.youtube.com/watch?v=gZujzty6O7o
Snapshot Fuzzing with WTF Fuzzer - https://www.youtube.com/watch?v=ZT01RaC4SKs
Prompt Injection 🎯 AI & LLM hacking and GPT Attack - https://youtu.be/86AFddhX2zc
📝 Blogposts/Papers/Slides
Fuzzer Development: The Soul of a New Machine - https://h0mbre.github.io/New_Fuzzer_Project/
CNCF Fuzzing Handbook - https://github.com/cncf/tag-security/blob/main/security-fuzzing-handbook/handbook-fuzzing.pdf
Escaping the sandbox: A bug that speaks for itself - https://microsoftedge.github.io/edgevr/posts/Escaping-the-sandbox-A-bug-that-speaks-for-itself/
Fuzzing Tinybmp in Rust || From dumb to structure-aware guide - https://symeonp.github.io/2022/11/16/tinybmp_rust_fuzzing.html
⚙️ Tools/Repositories
HOEDUR: Embedded Firmware Fuzzing using Multi-Stream Inputs - https://github.com/fuzzware-fuzzer/hoedur
SplITS: automated fuzzing framework focused on solving magic strings in monolithic firmware - https://github.com/SplITS-Fuzzer/SplITS
See you next month and take care!
📡 Fuzzinglabs Socials: Twitter | Telegram | Youtube
Patrick
Hey,
Here is the latest fuzzing news released last month ;)
📝 Blogposts/Papers/Slides
UBfuzz: Finding Bugs in Sanitizer Implementations - link
GPTFUZZER: Red Teaming Large Language Models with Auto-Generated Jailbreak Prompts - link
ADVANCED FUZZING UNMASKS ELUSIVE VULNERABILITIES - link
Snapshot fuzzing direct composition with WTF - link
Large Language Model guided Protocol Fuzzing - link
Cascade: CPU Fuzzing via Intricate Program Generation - link
Writing a Windows Fuzzer From Scratch - link
See you next month and take care!
📡 Fuzzinglabs Socials: Twitter | Telegram | Youtube | TikTok
Patrick