indirect syscalls for AV/EDR evasion in Go assembly - f1zm0/acheron

Problem Statement You attempt to analyze a binary file compiled in the Rust programming language. You open the file in your favorite disassembler. Twenty minutes later you wish you had never been born. You’ve trained yourself to think like g++ and msvc: Here’s…

This fuzzing introduction cover all the essentials one should know about the art of fuzzing. It explain major concept and illustrate it with and hands-on exercise the reader can follow. In conclusion some hints are given on how to hunt for bugs with fuzzing.

 Author: hugeh0ge Introduction  This article is Part 2 of the 4 blog posts in the Fuzzing Farm series. You can find the previous post at...

I reversed the firmware of my Garmin Forerunner 245 Music back in 2022 and found a dozen or so vulnerabilities in their support for Connect IQ applications. They can be exploited…

A technical write-up for a cross-site request forgery vulnerability present in some Debug Adapter Protocol implementations. The Debug Adapter Protocol is used by VS Code and other development tools to debug programs. The write-up details the vulnerability…

It is our great pleasure to welcome you to the 2nd International Workshop on Fuzzing (FUZZING 2023), co-located with ISSTA in Seattle, Washington, USA on 17 July 2023. This workshop is the continua...

Dongge Liu, Jonathan Metzman, Oliver Chang, Google Open Source Security Team  Since 2016, OSS-Fuzz has been at the forefront of automated v...