fuzzing news newsletter august september 2024
|

Fuzzing News / August & September 2024

Fuzzing Newsletter August & September 2024 📺 Videos/Podcasts Fuzzing for Bugs 🎸🤘 AI-generated Rock Song for Security Researcher 😎 – 📝 Blogposts/Papers/Slides SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing – https://www.mlsec.org/docs/2024c-asiaccs.pdf Expand the reach of Fuzzing – https://thuanpv.github.io/publications/NUS_Summer_School_Thuan_Pham_Final_Public.pdf On Understanding and Forecasting Fuzzers Performance with Static Analysis – https://s3.eurecom.fr/docs/ccs24_zhang.pdf Ring Around The Regex: Lessons…

fuzzing news newsletter fuzzinglabs july 2024
|

Newsletter – Fuzzing News / July 2024

📡 [Monthly Fuzzing] July 2024 📺 Videos/Podcasts How to Fuzz Your Way to Android Universal Root: Attacking Android Binder – https://www.youtube.com/watch?v=U-xSM159YLI&list=PLYvhPWR_XYJlg1SfcKdZY6eXUTPPqnh_G&index=9  📝 Blogposts/Papers/Slides Fuzzing embedded systems – Part 1, Introduction – https://blog.sparrrgh.me//fuzzing/embedded/2024/06/05/fuzzing-embedded-systems-1.html Driving forward in Android drivers – https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html Automated security testing of unexplored targets through feedback-guided fuzzing – https://depositonce.tu-berlin.de/items/c3aaf2ec-8036-4651-a609-9c3b11a7f705 Finding mispriced opcodes with fuzzing…

fuzzing news newsletter fuzzinglabs june 2024
|

Newsletter – Fuzzing News / June 2024

📡 [Monthly Fuzzing] June 2024 📺 Videos/Podcasts FuzzyAI: Attacking LLMs With Coverage-Guided Fuzzing – https://youtu.be/hBPiiaUiOH8?si=nUE5JHVrdFxgQbR5 Your NVMe Had Been Syz’ed – https://youtu.be/Jc25CM1Ppgo?si=jsz0Beqpr2nJ6h8g Linux Fuzzing Tutorial with AFL Fuzzer – https://www.youtube.com/watch?v=g6BQ-Ae_E4Q A Bug Hunter’s Reflections on Fuzzing – https://a13xp0p0v.github.io/img/Alexander_Popov-Reflections_on_Fuzzing.pdf / https://www.youtube.com/watch?v=wTbFmdx7wG8 📝 Blogposts/Papers/Slides Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller –…

fuzzing news newsletter fuzzinglabs may 2024
|

Newsletter – Fuzzing News / May 2024

📡 [Monthly Fuzzing] May 2024 📺 Videos/Podcasts Discoveries from Analyzing 141 Real-World ZK-SNARK Vulnerabilities! 🧐 – https://youtu.be/oxvcEXha69c https://youtu.be/oxvcEXha69c 📝 Blogposts/Papers/Slides ImageIO, the infamous iOS Zero Click Attack Vector. – https://r00tkitsmm.github.io/fuzzing/2024/03/29/iOSImageIO.html The Windows Registry Adventure #1: Introduction and research results – https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html A Basic Guide to AFL QEMU – https://medium.com/@cy1337/a-basic-guide-to-afl-qemu-495df504b5fb ⚙️ Tools/Repositories what the fuzz: Linux…

AI hacking, LLM applications, OWASP Top 10, Prompt Injection, Insecure Output Handling, Model Denial of Service, Sensitive Information Disclosure, Model Theft, Best practices, Application protection
|

OWASP Top 10 Vulnerabilities in LLM Applications – AI Hacking & LLM attacks

OWASP Top 10 Vulnerabilities in LLM Applications – AI Hacking & LLM attacks In the rapidly changing world of AI and LLM applications, security is paramount. This video provides a deep dive into the OWASP Top 10 vulnerabilities for LLM applications 🤖. We’ll cover critical issues like Prompt Injection, Insecure Output Handling, Model Denial of…

journey into Building Security Tools For Cairo/Starknet Smart Contracts thoth cairo-fuzzer cairo-vm sierra
| | |

Journey into Building Security Tools for Cairo/Starknet Smart Contracts [EthCC6]

Journey into Building Security Tools for Cairo/Starknet Smart Contracts [EthCC6] During this talk, we will explain the challenges we faced the past year while building two open-source security tools: cairo-fuzzer and Thoth, our complete Cairo/StarkNet analysis framework. Direct download: link You will get access of the complete tutorial with source code, cheat sheet and or…

osint blockchain web3 profiling tracking deanonimization ethereum evm on-chain off-chain
| |

Cryptocurrency & NFT OSINT: Introduction to Web3/Ethereum Profiling & Deanonymization [LeHack OSINT village 2023]

Cryptocurrency & NFT OSINT: Introduction to Web3/Ethereum Profiling & Deanonymization This talk unravels the intricacies of blockchain, cryptocurrencies, and NFTs from an Open Source Intelligence (OSINT) perspective. We’ll demystify how these technologies operate and explore relevant OSINT techniques. Delving into real-world use cases, we’ll highlight how OSINT can help profile public personalities, identify victims of…

openai chatgpt gpt3.5 gpt4 gpt3 hacking cybersecurity pentesting audit reversing vulnerability research
| |

GPT-4 for Bug Bounty, Audit & Pentesting?? He actually found some 0-days

Chatgpt GPT-4 for Bug Bounty, Audit & Pentesting?? He actually found some 0-days I gave some snippets of code (where I already found bugs) to OpenAI GPT-4 and I ask him to find vulnerabilities for me. It’s mind-blowing, it even found some 0 days. You will get access of the complete tutorial with source code, cheat…

ethereum evm slither mythril echidna fuzzing audit solidity security vulnerability ETH result foundry forge test code4rena
| |

$100,000 in Bug Bounty 💸 by learning Smart Contract Auditing from CODE4RENA Reports!

$100,000 in Bug Bounty 💸 by learning Smart Contract Auditing from CODE4RENA Reports! How to become an Ethereum/Solidity smart contract auditor? Where to start? How to improve your smart contract auditing process? Which tool to use? The paper analyzed in this video: “Demystifying Exploitable Bugs in Smart Contracts” is a compilation of all the findings…

ethereum evm slither mythril echidna fuzzing audit solidity security vulnerability ETH result foundry forge test
| |

Fuzzing Solidity/Ethereum Smart Contract using Foundry/Forge – Blockchain Security #5

Fuzzing Solidity/Ethereum Smart Contract using Foundry/Forge – Blockchain Security In this video, I will show the basis of running and customizing Foundry/Forge to fuzz an Ethereum smart contract in Solidity. I will also mention “Invariant testing” implementation in Foundry fuzzing compare to Echidna.https://youtu.be/2bTmB3cwhxs You will get access of the complete tutorial with source code, cheat sheet…