Collaborate Disseminate
IoT protocols are a relatively unexplored field compared to most PC-exposed protocols – it’s bothersome to need a whole radio setup before you can tinker on something, and often, for …read more Continue reading Crash IoT Devices Through Protocol Fuzzing
In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security. He explains how these tools can complement human knowledge to enhance software security analysis a… Continue reading What does optimal software security analysis look like?
Can generative AI be leverage for fuzzing for vulnerabilities?
Continue reading Can generative AI be used for fuzzing for vulnerabilities? [closed]
In many articles, they say the experiment took place over N-CPU core years period.
The following are some of the ones I have written. If you could provide the calculation behind them, I would appreciate it:
The experiments were conducted … Continue reading calculate cpu core years in fuzzing [closed]
I am currently working on an assignment paper that asks how each type of fuzzing would work and in what use case they would be used.
I defined Feedback as a tool that would throw inputs which would deviate and check to see if those deviate… Continue reading In what use case would Mutational and Feedback fuzzing be used in?
Google has announced the Google Cloud Assured Open Source Software (Assured OSS) service, which aims to be a trusted source of secure open source packages, and the deps.dev API, which provides access to security metadata for 50+ million open source pac… Continue reading Google delivers secure open source software packages
Some creator I support on SubscribeStar hosts their files on a dedicated AWS web storage server of theirs and the names are easily accessible and sometimes guessable without any kind of security or authentication. I got curious to see what… Continue reading Unlisted directory discovery of a web server without using bruteforce attacks
Sometimes, security mechanisms can be bypassed if you just do things slightly out of the ordinary. For instance, readout protection on microcontrollers is a given nowadays, to the point where …read more Continue reading Need To Dump A Protected STM32F0x? Use Your Pico!
Recently I saw a demonstration to fuzz IPv6 network interface of an android device
The tool in use was fuzz_ip6 from https://github.com/vanhauser-thc/thc-ipv6
And the tool was executed in the form of such as "sudo fuzz_ip6 -5 <inte… Continue reading Is it possible to send packets to network interface in an android device from host computer? [closed]
Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential of using fuzzing to uncover security holes in implementations of cryptographic… Continue reading Vulnerabilities in cryptographic libraries found through modern fuzzing