Collaborate Disseminate
Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential of using fuzzing to uncover security holes in implementations of cryptographic… Continue reading Vulnerabilities in cryptographic libraries found through modern fuzzing
How can I fuzz any part of the URL with any strings, append string on middle of the URL or in any part of the URL?
Suppose a URL like this,
https://example.com/Fuzz/hello.html
And I want to add something, on "Fuzz"
So the full U… Continue reading Path fuzzing using curl [closed]
Fuzz testing helps developers protect their applications against memory corruptions, crashes that cause downtime, and other security issues, including DoS and uncaught exceptions. Code Intelligence has open-sourced a new security tool, CI Fuzz CLI, whi… Continue reading CI Fuzz CLI: Open-source tool simplifies fuzz testing for C++
I’m aware that writing a file with a reserved name such as CON.txt or CON.mp3, aux.txt, lpt1.html, etc. is not allowed by Windows and can be leveraged for enumeration.
However, what about reading a file with a reserved name?
For example, i… Continue reading Is Reading Windows Reserved Filenames Through a URL Valid for OS Enumeration?
I’m relatively new to using OWASP ZAP. I tried fuzzing POST requests with Zap and am able to see all the messages sent in the Fuzzer tab.
When I select one of the messages in the Fuzzer tab, I can see the respective Request and Response in… Continue reading Zap: How to export Fuzzer results/report with the Request and Response?
We decided to discuss less obvious tools for working with firmware, including Renode and Qiling. Each of those tools has its own features, advantages, and limitations that make it effective for certain types of task. Continue reading Dynamic analysis of firmware components in IoT devices
What is the relationship between fuzzing and buffer overflow and does fuzzing leads to buffer overflow? Is buffer overflow a subset of fuzzing?
Many today use code obfuscation as a way to make it harder for the bad people to reverse engineer their code. However, in view of open source software which is open to all, is code obfuscation still sufficient to deter reverse engineering … Continue reading In view of open source code which is open to all, is code obfuscation still sufficient or even relevant? [closed]
Many today use code obfuscation as a way to make it harder for the bad people to reverse engineer their code. However, does code obfuscation have any applicability to or have a place in Open Source software?
I refer to the Log4j logging framework vulnerability – Source: https://www.wired.com/story/log4j-flaw-hacking-internet/
Since software vulnerabilities is an inevitable part of life, and speed is of an essence when it comes to patching vuln… Continue reading Zero day vulnerabilities & Cybersecurity Supply Chain Risk Management – how to move from a reactive posture to a proactive posture? [duplicate]