Discover and read the best of Twitter Threads about #fuzzing

Most recents (7)

☃️OSRE Course☃️

This repository contains a fill blown Offensive Security and Reverse Engineering course and the courses covered include

➡️Reverse Engineering
➡️Bug Hunting and Fuzzing
➡️Intro to Assembly x86 and x64

and much more..

#bugbounty #fuzzing #infosec #cybersecurity
🔗 Link: github.com/ashemery/explo…

💳 Credits: @binaryz0ne
@binaryz0ne That's a wrap!

If you enjoyed this thread:

1. Follow me @thebinarybot for more of these
2. RT the tweet below to share this thread with your audience
Read 4 tweets
I revisited NahamCon 2021 and found the talk by @rez0__ on fuff super informative.

Hence, I decided to write a thread on it for those who don't have time to watch the talk.

"fuff scripts & tricks" - A thread.

🧵👇

#bugbounty #infosec #fuzzing #bugbountytips #cybersecurity
🚔Obey the law

Before we dive into the tips and tricks, remember that fuff is a powerful tool and don't spam it everywhere. Use the -t or -rate flags wherever necessary.
🔊 1. Noise Reduction
Read 11 tweets
Sharing a project that aims to make fuzzing more accessible:

github.com/thepudds/fzgen

fzgen builds on Go 1.18 fuzzing, adding:
- Fuzz complex types (structs, interfaces, ...)
- Auto gen fuzzing wrappers from normal code
- Auto hunt for concurrency bugs

#fuzzing #golang 1/n
Some fun examples...

Fuzzing the syzkaller implementation without writing any code:

github.com/thepudds/fzgen…

2/n
Finding a data race without writing any code:

github.com/thepudds/fzgen…

3/n
Read 6 tweets
[#Fuzzing Evaluation] How do we know which fuzzer finds the largest number of important bugs within a reasonable time in software that we care about?

A commentary on @gamozolabs' perspective.
(Verdict: Strong accept).
YES! We need to present our plots on a log-x-scale. Why? mboehme.github.io/paper/FSE20.Em…
Two fuzzers. Both achieve the same coverage eventually. Yet, one performs really well at the beginning while the other performs really well in the long run. (What is a reasonable time budget? 🤔)
Nice! I agree, comparing *time-to-same-coverage* provides more information about fuzzer efficiency than comparing coverage-at-a-given-time.
Read 10 tweets
5 years ago I proposed a #golang fuzz-a-thon in honour of the release of 1.5.

Probably a good time to do it again preparing for 1.15

groups.google.com/forum/#!msg/go…
Come hang out in the #fuzzing channel on the Gophers Slack or ask questions here.
Here's a quick go-fuzz tutorial I wrote:

medium.com/@dgryski/go-fu…

Some defaults in go-fuzz have changed, so once you have your fuzz function you can just run:

go-fuzz-build && go-fuzz

to start finding crashes.
Read 4 tweets
LIVE FROM COLUMBIA, IT'S #REALWORLDCRYPTO
First up is the TLS session 🔒
First talk is Johanna Amann on measuring TLS 1.3 deployment in the wild with active and passive methods

#realworldcrypto
Read 250 tweets
Kostya's keynote: LibFuzzer hasn't found new bugs in <big software companie>'s library. We didn't know why. Later we got a note that they are now using LibFuzzer during regression testing in CI and that it prevented 3 vulns from reaching to production.
In Chrome, libFuzzer found 4k bugs and 800 vulns. In OSS-Fuzz, libFuzzer found 2.4k bugs (AFL found 500 bugs) over the last three years.

@kayseesee #fuzzing #shonan
@kayseesee Fuzz-driven Development: Write your fuzz targets first.
Read 7 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!