Fuzzing JavaScript npm/nodejs/code (omggif) using jsfuzz

In this course, I will fuzz a JavaScript npm / nodejs library (omggif) in order to find uncaught JavaScript exceptions. I will explain how to create a fuzzing harness for this target, run the fuzzer (jsfuzz), handle expected exceptions, analyze a crash and create a minimal crashing reproducer. You will get access to the complete tutorial with…

Fuzzing Java code using Jazzer

In this course, I will fuzz a popular Java library (JSoup) in order to find uncaught Java exceptions. I will explain how to create a Java fuzzing harness for this target using the Jazzer Java fuzzer. Then, I will run it and show you what happens when you trigger crashes, i.e. Java exceptions. You…

Fuzzing C/C++ program using honggfuzz

In this tutorial, I will show how you can start fuzzing C code and C++ programs (binutils/readelf) very easily using honggfuzz. I will first compile honggfuzz and briefly explain the main mechanism behind it. Then, I will compile the targeted program (binutils / readelf) using the honggfuzz compilers. Finally,…

Fuzzing Golang package using go-fuzz and libfuzzer

In this course, I will first select a popular Golang package and identify the most interesting methods to fuzz. Then, I’ll explain how to use go-fuzz and libfuzzer to compile the Golang fuzzing target. Finally, I’ll show how to run the fuzzer. You will get access to the complete tutorial with…

Introduction to Fuzzing Python

For the moment, this introduction to Python fuzzing contains 3 modules, but more will come in the future. If you want to make any proposal, please contact me.

1. Fuzzing Python code using pythonfuzz: In this first course, I will select a popular Python package (pyasn1) and find some interesting methods to fuzz…

Reversing Ewasm contract 101 – EthCC 2020

I just gave a talk/workshop today (03/2020) at EthCC 2020 (Paris – France), about reversing Ewasm (Ethereum flavored WebAssembly) smart contracts. In this talk, I briefly introduce WebAssembly concepts, Ewasm Ethereum specificity and opcodes/instructions. Secondly, I show how to create Ewasm smart contracts and expose different techniques/tools…