Memory corruption vulnerabilities in Suricata and FreeRDP

While pentesting KasperskyOS-based Thin Client and IoT Secure Gateway, we found several vulnerabilities in the Suricata and FreeRDP open-source projects. We shared details on these vulnerabilities with the community along with our fuzzer.

Issue with -N Option in AFLNET: Fails to Parse Network Settings Correctly [closed]

I am facing a recurring issue when attempting to use the -N option to specify network settings for fuzzing an HTTP server. Despite following the syntax guidelines, AFLNET doesn’t seem to recognize the network settings correctly.
Commands U…

This Week in Security: Default Passwords, Lock Slapping, and Mastodown

The UK has the answer to all our IoT problems: banning bad default passwords. Additionally, the new UK law requires device makers to provide contact info for vulnerability disclosures, as …

What does optimal software security analysis look like?

In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security. He explains how these tools can complement human knowledge to enhance software security analysis a…

Google delivers secure open source software packages

Google has announced the Google Cloud Assured Open Source Software (Assured OSS) service, which aims to be a trusted source of secure open source packages, and the deps.dev API, which provides access to security metadata for 50+ million open source pac…

Unlisted directory discovery of a web server without using bruteforce attacks

Some creator I support on SubscribeStar hosts their files on a dedicated AWS web storage server of theirs and the names are easily accessible and sometimes guessable without any kind of security or authentication. I got curious to see what…