HackDig : Dig high-quality web security articles

fpicker: Fuzzing with Frida

Introduction. In this post, I will introduce fpicker. Fpicker is a Frida-based coverage-guided, mostly in-process, blackbox fuzzing suite. Its most significant feature is the AFL++ proxy mode which enables blackbox in-process fuzzing with AFL++ on platforms supported by Frida. In practice, this means that fpicker enables fuzzing binary-only targets with AFL++
Publish At:2021-03-15 15:58 | Read:1800 | Comments:0 | Tags:Breaking Misc afl frida fuzzing tool

Google launches FuzzBench service to benchmark fuzzing tools

by John E Dunn. First came ‘fuzzing’, a long-established technique for spotting bugs such as security flaws in real applications using automated tools. More recently, security fuzzing tools have expanded in number, and today there are hundreds of specialised open-source tools and online services designed to probe specific types of software. But which security fuz
Publish At:2020-03-05 09:26 | Read:1753 | Comments:0 | Tags:Google Security threats afl Eclipser FuzzBench fuzzers fuzzi

Java Bugs with and without Fuzzing – AFL-based Java fuzzers and the Java Security Manager

In the last half year I have been doing some fuzzing with AFL-based Java fuzzers, namely Kelinci and JQF. I didn’t really work with java-afl. The contents of this post are: Various AFL-based Java fuzzers are available that can be used to find more or less severe security issues. By combining these with sanitizers provided by the Java Security Manager
Publish At:2019-09-19 18:20 | Read:2543 | Comments:0 | Tags:Fuzzing AFL Apache fuzzing Java Java security manager JQF Ke

Activity wrap-up including AFL, CRASS and Burp

Here’s a little overview of my last few months: Thinking about using libjson? Maybe you should wait for a bug fix. Trying to fuzz Java code with afl-gcj was not a very pleasant experience. Made some efforts to show how to fuzz CGI scripts with AFL. My CRASS project that includes a script to grep for interesting security related tokens is constantly gr
Publish At:2016-11-25 12:20 | Read:5314 | Comments:0 | Tags:Various AFL afl-gcj Burp cgi CRASS Hackerone libjson

american fuzzy lop – Security Oriented Fuzzing Tool

American fuzzy lop is a security-oriented fuzzing tool that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produc
Publish At:2015-11-20 20:50 | Read:3772 | Comments:0 | Tags:Hacking Tools Programming afl afl fuzzing afl-fuzz afl-fuzze

What I’ve been up to: a lot

Hi there! Yes, I know, you didn’t hear from me for quite a while (apart from the usual Twitter noise). But I wasn’t lazy! Actually I feel like I need to get rid of a lot of information. Here’s what I was up to in the last few months: Released the code review audit script scanner (crass) on github, which is basically a very much improved ver
Publish At:2015-10-06 06:05 | Read:5309 | Comments:0 | Tags:Various AFL Android CRASS Good Technology Google Play insecu

Fuzzing with AFL-Fuzz, a Practical Example (AFL vs binutils)

It's been a few weeks I've been playing with afl-fuzz (american fuzzy lop), a great tool from lcamtuf which uses binary instrumentation to create edge-cases for a given software. The description on the website is: American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automat
Publish At:2015-04-30 20:55 | Read:10330 | Comments:0 | Tags:exploit afl fuzzing lcamtuf fuzzer binary instrumentation gc
