Fuzzing Host-to Guest Attack Surface in Android Protected KVM - Eugene Rodionov & Will Deacon, Google

Android 13 introduces native support of virtualization services built on top of Protected KVM (pKVM) for arm64 devices. Unlike in traditional KVM where…

Making Fuzzing Part of Your Software Development Lifecycle - Jonathan Metzman, Google

Fuzzing is a testing technique that uses randomized inputs to find bugs in software. Fuzzing is the most successful automated vulnetability/bug-finding technique and has…

James Kukucka from George Mason University at the 3nd International KLEE Workshop on Symbolic Execution


KLEE Workshop 2022: https://srg.doc.ic.ac.uk/klee22/
Slides: https://srg.doc.ic.ac.uk/klee22/talks/Kukucka-Confetti.pdf

RedEye is a visual analytic tool supporting Red & Blue Team operations - cisagov/RedEye

There may be an all-new acronym for you to try and remember, as a result of Microsoft fixing a lingering issue. This...

by: Igor Korkin (@IgorKorkin) and Denis Pogonin

Windows OS is facing a huge rise in kernel attacks. An overview of popular techniques that result in loading kernel drivers will be presented. One of the key targets of modern threats is disabling and blinding…

Contribute to googleprojectzero/SockFuzzer development by creating an account on GitHub.

An Analysis of Remote Code Execution Vulnerability CVE-2022–34718

In 1998 Tom was arrested for hacking, and was told he was looking at over 270 years in prison. Time for a career change! Tom went on to a life as an academic, earning a PhD in Artificial Intelligence, before starting a career as an SEO consultant (you think…

As long as a fuzzer is uncovering a steady stream of bugs, we can haveconfidence it’s serving its purpose. But a silent fuzzer is harder to interpret:is our ...

By James Forshaw, Project Zero I've been spending a lot of time researching Windows authentication implementations, specifically Kerberos...