Learn Hacking: Best Books about Fuzz Testing & Vulnerability Research (TOP 4)
Blogpost

Learn Hacking: Best Books about Fuzz Testing & Vulnerability Research (TOP 4)

Learning Hacking & Fuzzing ressources Learn Hacking: Best Books about Fuzz Testing & Vulnerability Research (TOP 4) Today, I will like to show you my TOP 4 Hacking Books to Start learning Fuzzing and Vulnerability Research. Fuzzing: Brute Force Vulnerability Discovery – link Fuzzing for Software Security Testing and Quality Assurance – link A Bug…

Fuzzing JavaScript npm/nodejs/code (omggif) using jsfuzz
Blogpost

Fuzzing JavaScript npm/nodejs/code (omggif) using jsfuzz

Introduction to JavaScript Fuzzing​ 1. JavaScript Fuzzing of npm/nodejs/code (omggif) using jsfuzz In this course, I will fuzz a JavaScript npm/nodejs library (omggif) in order to find uncaught JavaScript exceptions. I will explain how to create a fuzzing harness for this target, run the fuzzer (jsfuzz), handle expected exceptions, analyze a crash and create a…

Fuzzing C/C++ program using honggfuzz
Blogpost

Fuzzing C/C++ program using honggfuzz

Fuzzing C code / C++ programs using honggfuzz Tutorial In this tutorial, I will show how you can start fuzzing C code and C++ programs (binutils/readelf) very easily using honggfuzz. I will first compile honggfuzz and briefly explain the main mechanism behind it. Then, I will compile the targeted program (binutils / readelf) using the honggfuzz compilers. Finally,…

Introduction to Fuzzing Golang
Blogpost

Introduction to Fuzzing Golang

Introduction to Fuzzing Golang code Fuzzing Go package using go-fuzz & libfuzzer In this course, I will first select a popular Golang library and identify the most interesting methods to fuzz. Then, I’ll explains how to use go-fuzz and libfuzzer to compile the fuzzing target. Finally, I’ll show how to run the fuzzer.https://www.youtube.com/watch?v=EsSebOAD5yw&list=PLa-iO6ehPFJgCKKiyEU__dUJVDVh-TUbT You will…

Reversing Ewasm contract 101 – EthCC 2020
Blogpost

Reversing Ewasm contract 101 – EthCC 2020

Reversing Ewasm smart contracts 101 – EthCC 2020 I just gave a talk/workshop today (03/2020) at EthCC 2020 (Paris – France), about reversing Ewasm (Ethereum flavored WebAssembly) smart contract. In this talk, I briefly introduce WebAssembly concepts , Ewasm ethereum specificity and opcodes/instructions. Secondly, I show how to create Ewasm smart contracts and expose different techniques/tools…

Fuzzing npm/nodejs WebAssembly parsing library with jsfuzz
Blogpost

Fuzzing npm/nodejs WebAssembly parsing library with jsfuzz

Fuzzing javascript nodejs/npm WebAssembly parsing library with jsfuzz I asked recently on twitter what should be my next blogpost subject and voters choose this one, so here it is. In this short blogpost, I will first introduce jsfuzz, a coverage-guided javascript fuzzer for nodejs/npm packages. Then, I’ll discuss about the wasm binary parsing library I…