HackDig : Dig high-quality web security articles

Un-bee-lievable Performance: Fast Coverage-guided Fuzzing with Honeybee and Intel Processor Trace

By Allison Husain, UC Berkeley. Today, we are releasing an experimental coverage-guided fuzzer called Honeybee that records program control flow using Intel Processor Trace (IPT) technology. Previously, IPT has been scrutinized for severe underperformance due to issues with capture systems and inefficient trace analyses. My winter internship focused on workin
Publish At: 2021-03-19 10:56 | Read: 775 | Comments: 0 | Tags: Fuzzing Internship Projects Research Practice

fpicker: Fuzzing with Frida

Introduction In this post, I will introduce fpicker. Fpicker is a Frida-based coverage-guided, mostly in-process, blackbox fuzzing suite. Its most significant feature is the AFL++ proxy mode which enables blackbox in-process fuzzing with AFL++ on platforms supported by Frida. In practice, this means that fpicker enables fuzzing binary-only targets with AFL++
Publish At: 2021-03-15 15:58 | Read: 1741 | Comments: 0 | Tags: Breaking Misc afl frida fuzzing tool

Confessions of a smart contract paper reviewer

If you’re thinking of writing a paper describing an exciting novel approach to smart contract analysis and want to know what reviewers will be looking for, you’ve come to the right place. Deadlines for many big conferences (ISSTA tool papers, ASE, FSE, etc.) are approaching, as is our own Workshop on Smart Contract Analysis, so we’d like to share a few
Publish At: 2021-02-05 08:50 | Read: 1490 | Comments: 0 | Tags: Blockchain Fuzzing Research Practice

Root Cause Analysis of a Heap-Based Buffer Overflow in GNU Readline

In the last blog post, we discussed how fuzzers determine the uniqueness of a crash. In this blog post, we discuss how we can manually triage a crash and determine the root cause. As an example, we use a heap-based buffer overflow I found in GNU readline 8.1 rc2, which has been fixed in the newest release. We use GDB and rr for time-travel debugging to deter
Publish At: 2020-12-17 06:22 | Read: 1296 | Comments: 0 | Tags: Breaking Misc disclosure fuzzing

How Fuzzers Decide if a Crash is Unique

This blog post sheds some light on how fuzzers handle crash deduplication and what a unique crash is for a fuzzer. For this, we take a look at two contrived examples and compare the unique crashes identified by AFL++ and honggfuzz. Both examples are similar. They read from STDIN, check if the first character of the read data is a digit, then call a vulnerabl
Publish At: 2020-12-03 06:58 | Read: 1419 | Comments: 0 | Tags: Misc fuzzing

Let’s build a high-performance fuzzer with GPUs!

by Ryan Eberhart, Stanford University. TL;DR: Can we use GPUs to get 10x performance/dollar when fuzzing embedded software in the cloud? Based on our preliminary work, we think the answer is yes! Fuzzing is a software testing technique that supplies programs with many randomized inputs in an attempt to cause unexpected behavior. It’s an important, industry-st
Publish At: 2020-10-22 06:07 | Read: 1223 | Comments: 0 | Tags: Fuzzing Internship Projects experiment GPU internship Remill

Vulnerabilities in GNU Readline Fixed

Recently I discovered some vulnerabilities in GNU Readline. These bugs have been fixed in GNU Readline version 8.1. The case of identifying the vulnerabilities was rather interesting. I wanted to fuzz another program and wrote a quick harness to test if my setup works. This test harness used GNU Readline to read input from stdin and passed the data along to
Publish At: 2020-10-07 06:27 | Read: 1088 | Comments: 0 | Tags: Breaking disclosure fuzzing

Microsoft open-sourced its Project OneFuzz fuzzing framework for Azure

Microsoft released Project OneFuzz, an open-source fuzzing framework for its cloud computing service Azure. Microsoft this week announced the release of Project OneFuzz, an open-source fuzzing framework for its cloud computing service Azure. The project was previously used by the IT giant to find vulnerabilities in the popular service.
Publish At: 2020-09-15 22:02 | Read: 1384 | Comments: 0 | Tags: Breaking News Security Azure fuzzing Hacking information sec

Using Echidna to test a smart contract library

In this post, we’ll show you how to test your smart contracts with the Echidna fuzzer. In particular, you’ll see how to: find a bug we discovered during the Set Protocol audit using a variation of differential fuzzing, and specify and check useful properties for your own smart contract libraries. And we’ll demonstrate how to do all of this using cryt
Publish At: 2020-08-17 15:00 | Read: 1388 | Comments: 0 | Tags: Blockchain Fuzzing

Breaking the Solidity Compiler with a Fuzzer

Over the last few months, we’ve been fuzzing solc, the standard Solidity smart contract compiler, and we’ve racked up almost 20 (now mostly fixed) new bugs. A few of these are duplicates of existing bugs with slightly different symptoms or triggers, but the vast majority are previously unreported bugs in the compiler. This has been a very successful fuzzing
Publish At: 2020-06-05 09:40 | Read: 1457 | Comments: 0 | Tags: Blockchain Compilers Fuzzing

“Zero-click” mobile phone attacks – and how to avoid them

by Paul Ducklin. Last year, we wrote about a conference paper from Google’s Project Zero with the catchy title Look, no hands! – The remote, interaction-less attack surface of the iPhone. One of the researchers involved in that project has just published an interesting follow-up article on the Project Zero blog. This article doesn’t have the intrigui
Publish At: 2020-05-03 09:06 | Read: 1908 | Comments: 0 | Tags: Apple Google Vulnerability fuzzing imageio Project Zero zero

An Echidna for all Seasons

TL;DR: We have improved Echidna with tons of new features and enhancements since it was released—and there’s more to come. Two years ago, we open-sourced Echidna, our property-based smart contract fuzzer. Echidna is one of the tools we use most in smart contract assessments. According to our records, Echidna was used in about 35% of our smart contract audits
Publish At: 2020-03-30 07:49 | Read: 1746 | Comments: 0 | Tags: Blockchain Fuzzing

Google launches FuzzBench service to benchmark fuzzing tools

by John E Dunn. First came ‘fuzzing’, a long-established technique for spotting bugs such as security flaws in real applications using automated tools. More recently, security fuzzing tools have expanded in number, and today there are hundreds of specialised open-source tools and online services designed to probe specific types of software. But which security fuz
Publish At: 2020-03-05 09:26 | Read: 1750 | Comments: 0 | Tags: Google Security threats afl Eclipser FuzzBench fuzzers fuzzi

Destroying x86_64 instruction decoders with differential fuzzing

TL;DR: x86_64 decoding is hard, and the number and variety of implementations available for it makes it uniquely suited to differential fuzzing. We’re open sourcing mishegos, a differential fuzzer for instruction decoders. You can use it to discover discrepancies in your own decoders and analysis tools! Figure 1: Some of Mishegos’s output, visualized. In the
Publish At: 2019-11-12 03:25 | Read: 2039 | Comments: 0 | Tags: Fuzzing Reversing

Security assessment techniques for Go projects

The Trail of Bits Assurance practice has received an influx of Go projects, following the success of our Kubernetes assessment this summer. As a result, we’ve been adapting for Go projects some of the security assessment techniques and tactics we’ve used with other compiled languages. We started by understanding the design of the language, identifying areas
Publish At: 2019-11-12 03:25 | Read: 2001 | Comments: 0 | Tags: Compilers Dynamic Analysis Education Fuzzing Go Kubernetes S
