Fuzzing blogpost focused on fuzzing, vulnerability research, WebAssembly and Rustlang | Fuzzing Labs.
Can we find Log4Shell with Java Fuzzing? 🔥(CVE-2021-44228 – Log4j RCE) In this video, I’m trying to find the famous java Log4Shell RCE (CVE-2021-44228) using fuzzing. I’m targeting apache log4j2 version 2.14.1 and I’m using Jazzer, the Java fuzzer developed by Code Intelligence. I will show and give you everything to reproduce the same at…
Analysis of Mozilla NSS BigSig Vulnerability & Fuzzing issues(CVE-2021-43527) Today I will like to discuss the Mozilla NSS BigSig vulnerability found recently by @taviso from Google Project Zero. Inside its blogpost, Tavis Ormandy detailed the vulnerability and mentioned some really good points about why this bug was not found using fuzzing by OSS-fuzz. It’s a…
Fuzzing with Scapy: Introduction to Network Protocol Fuzzing  In this video, I’m showing how to use Scapy python for network protocol fuzzing. We will first start with a DNS python fuzzing script against dpkt python library. Finally, we will see how what a crash looks like since dpkt will generate an exception after TCP fuzzing. https://youtu.be/yrmPRYSEdg0 You will get access of…
Fuzzing Browsers DOM using FreeDom grammar-based fuzzer In this video, I will first explain how to download Chrome ASAN build. Then, I’ll detail what is DOM (Document Object Model) and how it is used by web browsers. I’ll use the FreeDom grammar-based fuzzer to generate some HTML files and create a simple script to process…
Fuzzing Firefox using In-process Fuzzing with Frida As asked by a lot of you, today’s blogpost is about browser security. First I will show how to download easily Firefox compiled with AddressSanitizer (ASAN). Then, I will show how to use Frida to list all modules and exports of Firefox. I will show some other interesting…
Top 4 books to learn about Fuzz Testing & Vulnerability Research in 2022 Today, I will like to show you my TOP 4 Hacking Books to Start learning Fuzzing and Vulnerability Research. Fuzzing: Brute Force Vulnerability Discovery – link Fuzzing for Software Security Testing and Quality Assurance – link A Bug Hunter’s Diary – link…
Introduction to Blackbox Fuzzing 1. Binary-only Fuzzing using AFL++ QEMU mode In this really basic course, I will use AFL++ to fuzz an already compiled binary. I will first explain how afl++ QEMU mode is working and why it’s impacting the performance. Then, we will fuzz the pdfinfo binary and we will improve the coverage…
Introduction to JavaScript Fuzzing​ 1. JavaScript Fuzzing of npm/nodejs/code (omggif) using jsfuzz In this course, I will fuzz a JavaScript npm/nodejs library (omggif) in order to find uncaught JavaScript exceptions. I will explain how to create a fuzzing harness for this target, run the fuzzer (jsfuzz), handle expected exceptions, analyze a crash and create a…
Fuzzing Java code using Jazzer Java Fuzzer Fuzzing Java code (JSoup) using Jazzer fuzzer In this course, I will fuzz a popular Java library (JSoup) in order to find uncaught Java exception. I will explain how to create a java fuzzing harness for this target using the Jazzer java fuzzer. Then, I will run it and show you what’s happening when…
Fuzzing C code / C++ programs using honggfuzz Tutorial In this tutorial, I will show how you can start fuzzing C code and C++ programs (binutils/readelf) very easily using honggfuzz. I will first compile honggfuzz and briefly explain the main mechanism behind it. Then, I will compile the targeted program (binutils / readelf) using the honggfuzz compilers. Finally,…
| Cookie | Duration | Description |
|---|---|---|
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |