Patrick Ventuzelo, Author At FuzzingLabs

Fuzzing News / August & September 2024

ByPatrick Ventuzelo 09/19/202409/22/2024

Fuzzing Newsletter August & September 2024 📺 Videos/Podcasts Fuzzing for Bugs 🎸🤘 AI-generated Rock Song for Security Researcher 😎 – 📝 Blogposts/Papers/Slides SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing – https://www.mlsec.org/docs/2024c-asiaccs.pdf Expand the reach of Fuzzing – https://thuanpv.github.io/publications/NUS_Summer_School_Thuan_Pham_Final_Public.pdf On Understanding and Forecasting Fuzzers Performance with Static Analysis – https://s3.eurecom.fr/docs/ccs24_zhang.pdf Ring Around The Regex: Lessons…

Blogpost | Fuzzing

Newsletter – Fuzzing News / July 2024

ByPatrick Ventuzelo 07/11/202408/28/2024

📡 [Monthly Fuzzing] July 2024 📺 Videos/Podcasts How to Fuzz Your Way to Android Universal Root: Attacking Android Binder – https://www.youtube.com/watch?v=U-xSM159YLI&list=PLYvhPWR_XYJlg1SfcKdZY6eXUTPPqnh_G&index=9 📝 Blogposts/Papers/Slides Fuzzing embedded systems – Part 1, Introduction – https://blog.sparrrgh.me//fuzzing/embedded/2024/06/05/fuzzing-embedded-systems-1.html Driving forward in Android drivers – https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html Automated security testing of unexplored targets through feedback-guided fuzzing – https://depositonce.tu-berlin.de/items/c3aaf2ec-8036-4651-a609-9c3b11a7f705 Finding mispriced opcodes with fuzzing…

Blogpost | Fuzzing

Newsletter – Fuzzing News / June 2024

ByPatrick Ventuzelo 06/06/202408/28/2024

📡 [Monthly Fuzzing] June 2024 📺 Videos/Podcasts FuzzyAI: Attacking LLMs With Coverage-Guided Fuzzing – https://youtu.be/hBPiiaUiOH8?si=nUE5JHVrdFxgQbR5 Your NVMe Had Been Syz’ed – https://youtu.be/Jc25CM1Ppgo?si=jsz0Beqpr2nJ6h8g Linux Fuzzing Tutorial with AFL Fuzzer – https://www.youtube.com/watch?v=g6BQ-Ae_E4Q A Bug Hunter’s Reflections on Fuzzing – https://a13xp0p0v.github.io/img/Alexander_Popov-Reflections_on_Fuzzing.pdf / https://www.youtube.com/watch?v=wTbFmdx7wG8 📝 Blogposts/Papers/Slides Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller –…

Blogpost | Fuzzing

Newsletter – Fuzzing News / May 2024

ByPatrick Ventuzelo 05/07/202408/28/2024

📡 [Monthly Fuzzing] May 2024 📺 Videos/Podcasts Discoveries from Analyzing 141 Real-World ZK-SNARK Vulnerabilities! 🧐 – https://youtu.be/oxvcEXha69c https://youtu.be/oxvcEXha69c 📝 Blogposts/Papers/Slides ImageIO, the infamous iOS Zero Click Attack Vector. – https://r00tkitsmm.github.io/fuzzing/2024/03/29/iOSImageIO.html The Windows Registry Adventure #1: Introduction and research results – https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html A Basic Guide to AFL QEMU – https://medium.com/@cy1337/a-basic-guide-to-afl-qemu-495df504b5fb ⚙️ Tools/Repositories what the fuzz: Linux…

AI hacking, LLM applications, OWASP Top 10, Prompt Injection, Insecure Output Handling, Model Denial of Service, Sensitive Information Disclosure, Model Theft, Best practices, Application protection

Blogpost | AI & ML Security

OWASP Top 10 Vulnerabilities in LLM Applications – AI Hacking & LLM attacks

ByPatrick Ventuzelo 11/09/202308/28/2024

OWASP Top 10 Vulnerabilities in LLM Applications – AI Hacking & LLM attacks In the rapidly changing world of AI and LLM applications, security is paramount. This video provides a deep dive into the OWASP Top 10 vulnerabilities for LLM applications 🤖. We’ll cover critical issues like Prompt Injection, Insecure Output Handling, Model Denial of…

journey into Building Security Tools For Cairo/Starknet Smart Contracts thoth cairo-fuzzer cairo-vm sierra

Blogpost | Blockchain | Starknet | Talk

Journey into Building Security Tools for Cairo/Starknet Smart Contracts [EthCC6]

ByPatrick Ventuzelo 07/27/202312/13/2024

Journey into Building Security Tools for Cairo/Starknet Smart Contracts [EthCC6] During this talk, we will explain the challenges we faced the past year while building two open-source security tools: cairo-fuzzer and Thoth, our complete Cairo/StarkNet analysis framework. Direct download: link You will get access of the complete tutorial with source code, cheat sheet and or…

osint blockchain web3 profiling tracking deanonimization ethereum evm on-chain off-chain

Blogpost | OSINT | Talk

Cryptocurrency & NFT OSINT: Introduction to Web3/Ethereum Profiling & Deanonymization [LeHack OSINT village 2023]

ByPatrick Ventuzelo 07/12/202308/28/2024

Cryptocurrency & NFT OSINT: Introduction to Web3/Ethereum Profiling & Deanonymization This talk unravels the intricacies of blockchain, cryptocurrencies, and NFTs from an Open Source Intelligence (OSINT) perspective. We’ll demystify how these technologies operate and explore relevant OSINT techniques. Delving into real-world use cases, we’ll highlight how OSINT can help profile public personalities, identify victims of…

openai chatgpt gpt3.5 gpt4 gpt3 hacking cybersecurity pentesting audit reversing vulnerability research

Blogpost | AI & ML Security | Research

GPT-4 for Bug Bounty, Audit & Pentesting?? He actually found some 0-days

ByPatrick Ventuzelo 03/29/202308/28/2024

Chatgpt GPT-4 for Bug Bounty, Audit & Pentesting?? He actually found some 0-days I gave some snippets of code (where I already found bugs) to OpenAI GPT-4 and I ask him to find vulnerabilities for me. It’s mind-blowing, it even found some 0 days. You will get access of the complete tutorial with source code, cheat…

ethereum evm slither mythril echidna fuzzing audit solidity security vulnerability ETH result foundry forge test code4rena

Blogpost | Blockchain | Ethereum & EVM

$100,000 in Bug Bounty 💸 by learning Smart Contract Auditing from CODE4RENA Reports!

ByPatrick Ventuzelo 03/13/202312/13/2024

$100,000 in Bug Bounty 💸 by learning Smart Contract Auditing from CODE4RENA Reports! How to become an Ethereum/Solidity smart contract auditor? Where to start? How to improve your smart contract auditing process? Which tool to use? The paper analyzed in this video: “Demystifying Exploitable Bugs in Smart Contracts” is a compilation of all the findings…

ethereum evm slither mythril echidna fuzzing audit solidity security vulnerability ETH result foundry forge test

Blogpost | Blockchain | Ethereum & EVM

Fuzzing Solidity/Ethereum Smart Contract using Foundry/Forge – Blockchain Security #5

ByPatrick Ventuzelo 02/10/202312/13/2024

Fuzzing Solidity/Ethereum Smart Contract using Foundry/Forge – Blockchain Security In this video, I will show the basis of running and customizing Foundry/Forge to fuzz an Ethereum smart contract in Solidity. I will also mention “Invariant testing” implementation in Foundry fuzzing compare to Echidna.https://youtu.be/2bTmB3cwhxs You will get access of the complete tutorial with source code, cheat sheet…

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Follow us

We value your privacy