fuzzing – Page 8 – WindowsTechs.com

Android Exploit Development Lab [on hold]

Posted on February 15, 2019 by Ihab Hajj

Looking to setup an exploit development environment to do the following:

Fuzz Android libraries to find new vulnerabilities
Re-create already existing bugs/vulnerabilities based on bug fixes found on the AOSP (write POC)
Ex… Continue reading Android Exploit Development Lab [on hold]→

Criteria for selecting fields and network protocols for fuzzing

Posted on February 8, 2019 by lalu

I want to test a specific device connected to different networks using fuzzing. For each network interface, there are different services listening using different protocols, with open specification.

As i can not fuzz every n… Continue reading Criteria for selecting fields and network protocols for fuzzing→

Google open sources ClusterFuzz

Posted on February 7, 2019 by Frederic Lardinois

Google today announced that it is open sourcing ClusterFuzz, a scalable fuzzing tool that can run on clusters with over 25,000 machines. The company has long used the tool internally and if you’ve paid particular attention to Google’s fuzzing efforts (and you have, right?), then this may all seem a bit familiar. That’s because Google […] Continue reading Google open sources ClusterFuzz→

Inner Circle Podcast Episode 020 – Ivan Novikov Chats about Fuzzing in Testing

Posted on February 1, 2019 by Tony Bradley

An application is no longer a product. In the world of cloud, and DevOps, and containers, an application is a process. There is no distinct beginning or end to development. The application is a living thing that cycles through a feedback loop–con… Continue reading Inner Circle Podcast Episode 020 – Ivan Novikov Chats about Fuzzing in Testing→

Prepare to Defend Your Network Against Swarm-as-a-Service

Posted on January 31, 2019 by Derek Manky

Swarm technology may be a game changer for the bad guys if organizations don’t change their tactics. Continue reading Prepare to Defend Your Network Against Swarm-as-a-Service→

Fuzzing an API with DeepState (Part 2)

Posted on January 23, 2019 by Alex Groce

Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Mutation Testing Introducing one bug by hand is fine, and we could try it again, but “the plural of anecdote is not data.” Howe… Continue reading Fuzzing an API with DeepState (Part 2)→

Fuzzing an API with DeepState (Part 1)

Posted on January 22, 2019 by Alex Groce

Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Using DeepState, we took a handwritten red-black tree fuzzer and, with minimal effort, turned it into a much more fully featured test gener… Continue reading Fuzzing an API with DeepState (Part 1)→

Fuzzing of Mobile Applications

Posted on January 18, 2019 by aneela

I have used AFL recently for fuzzing of OpenSSL and it worked great. Now I am interesting in fuzzing mobile applications like I have got some .apk and .ipa files which I need to fuzz.

I searched on internet and found out abo… Continue reading Fuzzing of Mobile Applications→

How to write a rootkit without really trying

Posted on January 17, 2019 by William Woodruff

We open-sourced a fault injection tool, KRF, that uses kernel-space syscall interception. You can use it today to find faulty assumptions (and resultant bugs) in your programs. Check it out! This post covers intercepting system calls from within the Li… Continue reading How to write a rootkit without really trying→

Fuzzing Like It’s 1989

Posted on December 31, 2018 by Artem Dinaburg

With 2019 a day away, let’s reflect on the past to see how we can improve. Yes, let’s take a long look back 30 years and reflect on the original fuzzing paper, An Empirical Study of the Reliability of UNIX Utilities, and its 1995 follow-up,… Continue reading Fuzzing Like It’s 1989→