Beaconfuzz - A Journey into Ethereum 2.0 Blockchain Fuzzing and Vulnerability Discovery - https://fuzzinglabs.com/wp-content/uploads/2022/02/Beaconfuzz_OffensiveCon2022_patrick_ventuzelo.pdf
The Death of “Please Enable Macros” and What it Means
https://research.checkpoint.com/2022/the-death-of-please-enable-macros-and-what-it-means/
Introduction: On the 7th of February, Microsoft announced an impending change to its ubiquitous suite of Office apps. In Microsoft’s own words: “VBA macros obtained from the internet will now be blocked by default”. The change is expected to begin rolling…
FitM, the Fuzzer-in-the-Middle, is an AFL++-based coverage-guided fuzzer for stateful, binary-only client-server applications
https://github.com/FGSect/FitM
FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up. - fgsect/FitM
Go Fuzz Testing - The Basics - https://blog.fuzzbuzz.io/go-fuzzing-basics/
GraphFuzz: experimental framework for building structure-aware, library API fuzzers - https://github.com/hgarrereyn/GraphFuzz
OffensiveCon22 - Patrick Ventuzelo - Beaconfuzz - https://www.youtube.com/watch?v=nERNZ5mL46Q
https://www.offensivecon.org/speakers/2022/patrick-ventuzelo.html
OffensiveCon22 - Tamas K Lengyel and Bálint Varga-Perke - Case Studies of Fuzzing with Xen - https://www.youtube.com/watch?v=EFrIfXd3KZQ
https://www.offensivecon.org/speakers/2022/tamas-k-lengyel-and-b%C3%A1lint-varga-perke.html
Kubernetes Goat
Interactive Kubernetes Security Learning Playground
https://madhuakula.com/kubernetes-goat/
Generating Test Suites for GPU Instruction Sets through Mutation and Equivalence Checking - https://fuzzingworkshop.github.io/papers/GPU-Slides.pdf
Looking for Remote Code Execution bugs in the Linux kernel - https://xairy.io/articles/syzkaller-external-network
Andrey Konovalov
Using syzkaller to fuzz the Linux kernel network stack externally
Earn $200K by fuzzing for a weekend: Part 1 - https://secret.club/2022/05/11/fuzzing-solana.html
By applying well-known fuzzing techniques to a popular target, I found several bugs that in total yielded over $200K in bounties. In this article I will demonstrate how powerful fuzzing can be when applied to software which has not yet faced sufficient testing.
ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
https://github.com/google/clusterfuzzlite
Running HashiCorp Vault in Production by Dan McTeer.pdf
PM for Password
Offensive Windows IPC Internals 3: ALPC
https://csandker.io/2022/05/24/Offensive-Windows-IPC-3-ALPC.html
HyperDbg Debugger: State-of-the-art native Windows debugging tool designed for analyzing, fuzzing and reversing - https://github.com/HyperDbg/HyperDbg
Fuzzing the CNCF Landscape - https://youtu.be/zIyIZxAZLzo
Fuzzing the CNCF Landscape - Adam Korczynski & David Korczynski, Ada Logics
This talk presents Adam’s and David’s experience with fuzzing more than ten projects in the CNCF landscape over the last year resulting in more than hundred bugs filed and fixed.…