Hey,
I hope your summer was good! A lot of good fuzzing news/stuff was released during the past 2 months!
📺 Videos/Podcasts
Fuzzing for Bugs 🎸🤘 AI-generated Rock Song for Security Researcher 😎 - https://www.youtube.com/watch?v=W5ahqFfDKrg
📝 Blogposts/Papers/Slides
SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing - https://www.mlsec.org/docs/2024c-asiaccs.pdf
Expand the reach of Fuzzing - https://thuanpv.github.io/publications/NUS_Summer_School_Thuan_Pham_Final_Public.pdf
On Understanding and Forecasting Fuzzers Performance with Static Analysis - https://s3.eurecom.fr/docs/ccs24_zhang.pdf
Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 1) - https://secret.club/2024/06/30/ring-around-the-regex-1.html
ARVO: Atlas of Reproducible Vulnerabilities for Open Source Software - https://arxiv.org/pdf/2408.02153
RISCVuzz: Discovering Architectural CPU Vulnerabilities via Differential Hardware Fuzzing - https://ghostwriteattack.com/riscvuzz.pdf
Fuzzing scripting languages' interpreters' native functions using AFL++ to find memory corruption and more - https://joshua.hu/aflplusplus-fuzzing-scripting-languages-natively
Overcoming State: Finding Baseband Vulnerabilities by Fuzzing Layer-2 - https://i.blackhat.com/BH-US-24/Presentations/US24-Goos-Overcoming-State-Finding-Baseband-Vulnerabilities-Thursday.pdf
Meta Bug Bounty — Fuzzing “netconsd” for fun and profit - part 1 - https://blog.fadyothman.com/meta-bug-bounty-fuzzing-netconsd-for-fun-and-profit-part-1-6ffe96eb1419
Meta Bug Bounty — Fuzzing “netconsd” for fun and profit — part 2 - https://blog.fadyothman.com/meta-bug-bounty-fuzzing-netconsd-for-fun-and-profit-part-2-52bf188cc877
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing - https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks-part-1/
Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case - https://blog.talosintelligence.com/fuzzing-ucos-protocol-stacks-part-2/
Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver - https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks-part-3/
⚙️ Tools/Repositories
Fuzz anything with Program Environment Fuzzing - https://github.com/GJDuck/EnvFuzz
Syzkaller got snapshot-based mode - https://x.com/dvyukov/status/1821543202585022910?t=A5hsdcyoiN48qFNeOUAJoQ&s=03
See you next month and take care!
Patrick