Despite wolfSSL’s rigorous software testing practices, in October 2024, Code Intelligence—an application security vendor—discovered a potentially exploitable defect in wolfSSL. Remarkably, the potential vulnerability was found without human intervention.…

LibAFL # The LibAFL fuzzer implements features from AFL-based fuzzers like AFL++. Similarly to AFL++, LibAFL provides better fuzzing performance and more advanced features over libFuzzer. However, with LibAFL, all functionality is provided in a modular and…

Specialized testing tool designed to identify vulnerabilities and bugs in OPC UA (Open Platform Communications Unified Architecture) implementations - ANSSI-FR/fuzzysully

Snapshot fuzzing enables security engineers to effectively test software that is traditionally difficult to analyze, such as kernel-level software (though the technique is not limited to such software). Whether you’re auditing drivers or other kernel-mode…

OGHarn: Oracle-guided Fuzzing Harness Generation. Contribute to FuturesLab/OGHarn development by creating an account on GitHub.

Full title: Rethinking Emulation for Fu(zzi)n(g) and Profit: Near-Native Rehosting for Embedded ARM Firmware
Slides: https://github.com/binarly-io/Research_Publications/blob/main/REverse_2025/Near-Native%20Rehosting%20for%20Embedded%20ARM%20Firmware.pdf
…

Fuzz testing is incredibly useful: it has caught many a bug during the development of NTP packet parsing and gzip/bzip2 (de)compression.

But I've always been unsatisfied with the fuzzer being a b ...

Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero Every second, highly-privileged MacOS system daemons accept and proces...

Multiple out-of-bounds read and null dereference bugs were identified in Microsoft Defender by using Snapshot Fuzzing with WTF and kAFL/NYX. The bugs can be used to crash the main Defender process as soon as the file is scanned. Most are unpatched, but none…

OSS-Fuzz integrations via agent-based build generation.

We explain how we built a fuzzer for network applications that we tried to make as efficient and as effective as possible. We utilized custom mutators and input passing over shared memory and found that it gave us a huge speed and coverage boost compared…

🚀 We're excited to announce the release of FuzzForge Open Source (OSS)!

FuzzForge is our open-source platform designed to automate offensive security workflows & AI Agents, from static analysis to fuzzing, debugging, and root cause analysis, all with AI…