Fuzzing with Scapy: Introduction to Protocol Fuzzing (DNS & TCP packets)

Fuzzing with Scapy: Introduction to Protocol Fuzzing (DNS & TCP packets)

Fuzzing with Scapy: Introduction to Network Protocol Fuzzing  In this video, I’m showing how to use Scapy python for network protocol fuzzing. We will first start with a DNS python fuzzing script against dpkt python library. Finally, we will see how what a crash looks like since dpkt will generate an exception after TCP fuzzing. https://youtu.be/yrmPRYSEdg0 You will get access of…

Fuzzing Browsers DOM using FreeDom grammar-based fuzzer

Fuzzing Browsers DOM using FreeDom grammar-based fuzzer

Fuzzing Browsers DOM using FreeDom grammar-based fuzzer In this video, I will first explain how to download Chrome ASAN build. Then, I’ll detail what is DOM (Document Object Model) and how it is used by web browsers. I’ll use the FreeDom grammar-based fuzzer to generate some HTML files and create a simple script to process…

Fuzzing Firefox using In-process Fuzzing with Frida

Fuzzing Firefox using In-process Fuzzing with Frida

Fuzzing Firefox using In-process Fuzzing with Frida As asked by a lot of you, today’s blogpost is about browser security. First I will show how to download easily Firefox compiled with AddressSanitizer (ASAN). Then, I will show how to use Frida to list all modules and exports of Firefox. I will show some other interesting…

Learning Hacking & Fuzzing books ressources​

Learning Hacking & Fuzzing books ressources​

Learning Hacking & Fuzzing books ressources Top 4 books to learn about Fuzz Testing & Vulnerability Research Today, I will like to show you my TOP 4 Hacking Books to Start learning Fuzzing and Vulnerability Research. Fuzzing: Brute Force Vulnerability Discovery – link Fuzzing for Software Security Testing and Quality Assurance – link A Bug…

Introduction to JavaScript Fuzzing

Introduction to JavaScript Fuzzing

Introduction to JavaScript Fuzzing​ 1. JavaScript Fuzzing of npm/nodejs/code (omggif) using jsfuzz In this course, I will fuzz a JavaScript npm/nodejs library (omggif) in order to find uncaught JavaScript exceptions. I will explain how to create a fuzzing harness for this target, run the fuzzer (jsfuzz), handle expected exceptions, analyze a crash and create a…

Fuzzing C/C++ program using honggfuzz

Fuzzing C/C++ program using honggfuzz

Fuzzing C code / C++ programs using honggfuzz Tutorial In this tutorial, I will show how you can start fuzzing C code and C++ programs (binutils/readelf) very easily using honggfuzz. I will first compile honggfuzz and briefly explain the main mechanism behind it. Then, I will compile the targeted program (binutils / readelf) using the honggfuzz compilers. Finally,…

Introduction to Fuzzing Golang

Introduction to Fuzzing Golang

Introduction to Fuzzing Golang code 1. Fuzzing Go package using go-fuzz & libfuzzer In this course, I will first select a popular Golang library and identify the most interesting methods to fuzz. Then, I’ll explains how to use go-fuzz and libfuzzer to compile the fuzzing target. Finally, I’ll show how to run the fuzzer.https://www.youtube.com/watch?v=EsSebOAD5yw&list=PLa-iO6ehPFJgCKKiyEU__dUJVDVh-TUbT 2….