fuzzing   909

Directed Greybox Fuzzing
... We develop and evaluate a simulated annealing-based power schedule that gradually assigns more energy to seeds that are closer to the target locations while reducing energy for seeds that are further away ...
infosec  fuzzing  pdf 
8 days ago by athena
google/oss-fuzz: OSS-Fuzz - continuous fuzzing of open source software
oss-fuzz - OSS-Fuzz - continuous fuzzing of open source software
fuzzing  security  code  testing 
17 days ago by eitland
The Art of Fuzzing – Slides and Demos | SEC Consult
Over the last weeks I presented talks on the topic of fuzzing at conferences such as DefCamp, Heise Dev Sec, IT-SeCX and BSides Vienna. As promised, I make my
fuzzing  learning  security 
4 weeks ago by cudgel
thefLink/HEXER: Fuzzing Suite
File format fuzzer for Windows and Linux (in combination with ASAN).
fuzzing  linux  vulnerability  windows  github 
4 weeks ago by whip_lash
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection
Fuzz testing has proven successful in finding security vulnerabilities in large programs. However, traditional fuzz testing tools have a well-known common drawback: they are ineffective if most generated malformed inputs are rejected in the early stage of program running, especially when target programs employ checksum mechanisms to verify the integrity of inputs. In this paper, we present TaintScope, an automatic fuzzing system using dynamic taint analysis and symbolic execution techniques, to tackle the above problem. TaintScope has several novel contributions: 1) TaintScope is the first checksum-aware fuzzing tool to the best of our knowledge. It can identify checksum fields in input instances, accurately locate checksum-based integrity checks by using branch profiling techniques, and bypass such checks via control flow alteration. 2) TaintScope is a directed fuzzing tool working at X86 binary level (on both Linux and Windows). Based on fine-grained dynamic taint tracing, TaintScope identifies which bytes in a well-formed input are used in security-sensitive operations (e.g., invoking system/library calls) and then focuses on modifying such bytes. Thus, generated inputs are more likely to trigger potential vulnerabilities. 3) TaintScope is fully automatic, from detecting checksums and directed fuzzing to repairing crashed samples. It can fix checksum values in generated inputs using combined concrete and symbolic execution techniques. We evaluate TaintScope on a number of large real-world applications. Experimental results show that TaintScope can accurately locate the checksum checks in programs and dramatically improve the effectiveness of fuzz testing. TaintScope has already found 27 previously unknown vulnerabilities in several widely used applications, including Adobe Acrobat, Google Picasa, Microsoft Paint, and ImageMagick. Most of these severe vulnerabilities have been confirmed by Secunia and oCERT, and assigned CVE identifiers (such as CVE-2009-1882, CVE-2009-2688). Corresponding patches from vendors are released or in progress based on our reports.
fuzzing  security 
5 weeks ago by mikecb
Windows kernel driver fuzzing tool using ioctlbf; apparently not too shabby, but uses its own fuzzing logic.
windows  kernel  driver  fuzzer  fuzzing  security  hacking  pentesting  opensource  software 
6 weeks ago by asteroza
Fuzzing Markdown parser written in Go
Fuzzing markdown parser written in Go with go-fuzz
golang  fuzzing  markdown  parser 
6 weeks ago by geetarista
