Newsletter – Fuzzing News / July 2024

Newsletter – Fuzzing News / July 2024

📡 [Monthly Fuzzing] July 2024 📺 Videos/Podcasts How to Fuzz Your Way to Android Universal Root: Attacking Android Binder – https://www.youtube.com/watch?v=U-xSM159YLI&list=PLYvhPWR_XYJlg1SfcKdZY6eXUTPPqnh_G&index=9  📝 Blogposts/Papers/Slides Fuzzing embedded systems – Part 1, Introduction – https://blog.sparrrgh.me//fuzzing/embedded/2024/06/05/fuzzing-embedded-systems-1.html Driving forward in Android drivers – https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html Automated security testing of unexplored targets through feedback-guided fuzzing – https://depositonce.tu-berlin.de/items/c3aaf2ec-8036-4651-a609-9c3b11a7f705 Finding mispriced opcodes with fuzzing…

Newsletter – Fuzzing News / June 2024

Newsletter – Fuzzing News / June 2024

📡 [Monthly Fuzzing] June 2024 📺 Videos/Podcasts FuzzyAI: Attacking LLMs With Coverage-Guided Fuzzing – https://youtu.be/hBPiiaUiOH8?si=nUE5JHVrdFxgQbR5 Your NVMe Had Been Syz’ed – https://youtu.be/Jc25CM1Ppgo?si=jsz0Beqpr2nJ6h8g Linux Fuzzing Tutorial with AFL Fuzzer – https://www.youtube.com/watch?v=g6BQ-Ae_E4Q A Bug Hunter’s Reflections on Fuzzing – https://a13xp0p0v.github.io/img/Alexander_Popov-Reflections_on_Fuzzing.pdf / https://www.youtube.com/watch?v=wTbFmdx7wG8 📝 Blogposts/Papers/Slides Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller –…

Newsletter – Fuzzing News / May 2024

Newsletter – Fuzzing News / May 2024

📡 [Monthly Fuzzing] May 2024 📺 Videos/Podcasts Discoveries from Analyzing 141 Real-World ZK-SNARK Vulnerabilities! 🧐 – https://youtu.be/oxvcEXha69c https://youtu.be/oxvcEXha69c 📝 Blogposts/Papers/Slides ImageIO, the infamous iOS Zero Click Attack Vector. – https://r00tkitsmm.github.io/fuzzing/2024/03/29/iOSImageIO.html The Windows Registry Adventure #1: Introduction and research results – https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html A Basic Guide to AFL QEMU – https://medium.com/@cy1337/a-basic-guide-to-afl-qemu-495df504b5fb ⚙️ Tools/Repositories what the fuzz: Linux…

IPFS OSINT & Blockchain CTI: Exploring IPFS Data Collection & Analysis [hack.lu 2023]

IPFS OSINT & Blockchain CTI: Exploring IPFS Data Collection & Analysis [hack.lu 2023]

IPFS OSINT & Blockchain CTI: Exploring IPFS Data Collection & Analysis – hack.lu 2023 Abstract This talk was given at hack.lu 2023, will dive into exclusive data collection and analysis techniques specific to this IPFS. We’ll also briefly tour IPFS’s wide range of applications and provide practical tips and tricks to help you secure your…

FuzzingLabs and Sui Foundation Partner to Enhance Smart Contract Security

FuzzingLabs and Sui Foundation Partner to Enhance Smart Contract Security

FuzzingLabs and Sui Foundation Partner to Enhance Sui Smart Contract Security Introduction We are thrilled to announce an exciting partnership between FuzzingLabs and the Sui Foundation. Our collaboration is set to bring a revolutionary tool to the world of blockchain – a specialized fuzzer designed for Sui smart contracts, sui-fuzzer. This collaboration marks a significant…

Prompt Injection – AI Hacking & LLM attacks

Prompt Injection – AI Hacking & LLM attacks

Prompt Injection – AI Hacking & LLM attacks Prompt Injection is a rising concern in the AI realm, especially with models like GPT. In this video, we’ll explore the intricacies of Prompt Injection attacks, demonstrating live on dedicated websites how GPT can be manipulated to potentially leak secret passwords 🛑. More importantly, learn the strategies…

OWASP Top 10 Vulnerabilities in LLM Applications – AI Hacking & LLM attacks

OWASP Top 10 Vulnerabilities in LLM Applications – AI Hacking & LLM attacks

OWASP Top 10 Vulnerabilities in LLM Applications – AI Hacking & LLM attacks In the rapidly changing world of AI and LLM applications, security is paramount. This video provides a deep dive into the OWASP Top 10 vulnerabilities for LLM applications 🤖. We’ll cover critical issues like Prompt Injection, Insecure Output Handling, Model Denial of…

Journey into Building Security Tools for Cairo/Starknet Smart Contracts [EthCC6]

Journey into Building Security Tools for Cairo/Starknet Smart Contracts [EthCC6]

Journey into Building Security Tools for Cairo/Starknet Smart Contracts [EthCC6] During this talk, we will explain the challenges we faced the past year while building two open-source security tools: cairo-fuzzer and Thoth, our complete Cairo/StarkNet analysis framework. Direct download: link You will get access of the complete tutorial with source code, cheat sheet and or…

Cryptocurrency & NFT OSINT: Introduction to Web3/Ethereum Profiling & Deanonymization [LeHack OSINT village 2023]

Cryptocurrency & NFT OSINT: Introduction to Web3/Ethereum Profiling & Deanonymization [LeHack OSINT village 2023]

Cryptocurrency & NFT OSINT: Introduction to Web3/Ethereum Profiling & Deanonymization This talk unravels the intricacies of blockchain, cryptocurrencies, and NFTs from an Open Source Intelligence (OSINT) perspective. We’ll demystify how these technologies operate and explore relevant OSINT techniques. Delving into real-world use cases, we’ll highlight how OSINT can help profile public personalities, identify victims of…

GPT-4 for Bug Bounty, Audit & Pentesting?? He actually found some 0-days

GPT-4 for Bug Bounty, Audit & Pentesting?? He actually found some 0-days

Chatgpt GPT-4 for Bug Bounty, Audit & Pentesting?? He actually found some 0-days I gave some snippets of code (where I already found bugs) to OpenAI GPT-4 and I ask him to find vulnerabilities for me. It’s mind-blowing, it even found some 0 days. You will get access of the complete tutorial with source code, cheat…