📡 [Monthly Fuzzing] June 2024
đź“ş Videos/Podcasts
FuzzyAI: Attacking LLMs With Coverage-Guided Fuzzing – https://youtu.be/hBPiiaUiOH8?si=nUE5JHVrdFxgQbR5
Your NVMe Had Been Syz’ed – https://youtu.be/Jc25CM1Ppgo?si=jsz0Beqpr2nJ6h8g
Linux Fuzzing Tutorial with AFL Fuzzer – https://www.youtube.com/watch?v=g6BQ-Ae_E4Q
A Bug Hunter’s Reflections on Fuzzing – https://a13xp0p0v.github.io/img/Alexander_Popov-Reflections_on_Fuzzing.pdf / https://www.youtube.com/watch?v=wTbFmdx7wG8
đź“ť Blogposts/Papers/Slides
- Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller – https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
Coverage guided fuzzing for native Android libraries (Frida & Radamsa) – https://knifecoat.com/Posts/Coverage+guided+fuzzing+for+native+Android+libraries+(Frida+%26+Radamsa)
Large Language Model guided
Protocol Fuzzing – https://mboehme.github.io/paper/NDSS24.pdf
Talos releases new macOS open-source fuzzer – https://blog.talosintelligence.com/talos-releases-new-macos-fuzzer/
To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux’ Wireless Stacks through VirtIO Devices – https://www.computer.org/csdl/proceedings-article/sp/2024/313000a024/1RjEa0y9RMQ
Everything is Good for Something: Counterexample-Guided Directed Fuzzing via
Likely Invariant Inference – https://nebelwelt.net/files/24Oakland2.pdf
Hunting bugs in Nginx JavaScript engine (njs) – https://0xbigshaq.github.io/2024/05/24/njs-vr-bugs/
Introducing LLM-based harness synthesis for unfuzzed projects – https://blog.oss-fuzz.com/posts/introducing-llm-based-harness-synthesis-for-unfuzzed-projects/
TSS @ NUS – Fuzz Testing publications: https://nus-tss.github.io/fuzzing/publications/
Democratizing Fuzzing at Scale – https://drive.google.com/file/d/1lUFIugzEy1eBBWkLDHC_hzRfahZUCZYR/view
Thread on (counter-)intuitive fuzzing behavior and statistics – https://x.com/mboehme_/status/1795828470221820382
Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example – https://tsmr.eu/blackbox-fuzzing.html
⚙️ Tools/Repositories
https://github.com/user1342/AutoCorpus: AutoCorpus is a tool backed by a large language model (LLM) for automatically generating corpus files for fuzzing.
https://github.com/lus33rr/AyedFuzzer: AyedFuzzer is a small Fuzzer with 3 options (File mutating, WinDbg-interactive monitor, multi-processing) for windows executables
Cisco-Talos/snap_wtf_macos: WTF Snapshot fuzzing of macOS targets – https://github.com/Cisco-Talos/snap_wtf_macos
https://github.com/seemoo-lab/VirtFuzz: VirtFuzz is a Linux Kernel Fuzzer that uses VirtIO to provide inputs into the kernels subsystem. It is built with LibAFL.
➡️ Subscribe for more: https://academy.fuzzinglabs.com/fuzzing-labs-community