Trying real hard to build a fuzzer targeting the CPython JIT, lots of features implemented but not a single crash or bug discovered so far.

Such is life when hunting for crashes in robust code.

This weekend I'll be spinning off a new fuzzer that grew from fusil. Wish me luck

My colleagues at CEA in #Paris, France, are hiring a 2-year #postdoc to work on the joint research project #SECUBIC about #fuzzing binaries to identify #backdoors. (See this recently joint work at #ICSE2025 for previous results: https://upsilon.cc/~zack/research/publications/icse-2025-rosa-fuzzing.pdf )

If you're interested, or know interested candidates, head to: https://secubic-ptcc.github.io/jobs/open/2025/04/02/postdoc-supply-chain-binary-fuzzing.html for details.

In this week's Linux Update newsletter, Chris Binnie looks at the enumeration tools feroxbuster and ffuf for automating search during a cyberattack
https://www.linux-magazine.com/Issues/2025/290/Enumerating-Resources
#security #tools #feroxbuster #ffuf #enumeration #cyberattack #automation #fuzzing

For @Xdebug's native path mapping, I need to parse a file.

This afternoon I played around with AFL++, a fuzzing tool to see if I had missed a few edge cases. It works a little like Infection PHP, but then for C programs.

Turned out I had missed egde cases that the fuzzer found, and I ended up fixing four bugs!

Hello everyone :)

Since it seems to be a requirement, here is my #introduction for anyone willing to follow a full-time lurker o_o

- I do #fuzzing research, and this will make up most of what I post here
- I live in Germany

Please do not follow if you cannot be kind :) I will likely mistype things or be overly passionate sometimes ._.

Crash IoT Devices Through Protocol Fuzzing - IoT protocols are a relatively unexplored field compared to most PC-exposed protoc... - https://hackaday.com/2024/04/02/crash-iot-devices-through-protocol-fuzzing/ #securityhacks #wirelesshacks #iotsecurity #fuzzing #iot

Join the #fuzzing community @fuzzing! Let’s build a place to share and discuss fuzzing stuff (with occasional rabbits)

Today the AWS "Find and Fix" (F2) security research team released Snapchange, a new open source project to make snapshot-based fuzzing much easier.

#OpenSource #OSSummit #LinuxSecuritySummit #Fuzzing #Linux #KVM
https://aws.amazon.com/blogs/opensource/announcing-snapchange-an-open-source-kvm-backed-snapshot-fuzzing-framework/

It's been a while since I've given any talks or lectures, and after trying out streaming, I've been wanting to give other forms of creations a try too.

So, here is a short video about a side project I've been working on recently: Skuld a timeline fuzzer for NES games.

#fuzzing #nes #skuld

https://www.youtube.com/watch?v=HXsayxdf3Rc

I've archived all my old tweets (except RTs) here:
https://vegard.github.io/twitter/

Almost everything has been tagged by subject/topic in case you are only interested in something specific.

Lots of #LinuxKernel, #Programming, #Security, #Fuzzing, #Git, etc. posts.

#introduction ฅ^•ﻌ•^ฅ

I do graphics security for a chip manufacturer. #fuzzing is my weapon of choice. I've done Security Development Lifecycle policy, auditing, and execution for long enough to be absolutely numb to corporate security culture.

#rust

My hobby is collecting hobbies but #cooking, #3DPrinting, and #mechanicalkeyboards are my most active ones now. Most of my projects have in common that they are about better instrumentation, tools, and infrastructure, not so much about the end result, e.g., I spend more time tuning my printer than using it to print things I need. My hope is that what I do and learn will help others create.

I absolutely hate intellectual property and the current school systems. Knowledge is everyone's and should be available for everyone to learn and use. Telling you what, how, and when to learn has to be one of the worst ways to transmit knowledge.

I love teaching and learning with others who love to learn. If you think I might know about something feel free to ask directly.

#cats are the only authority I recognize.

Hi, I'm Dominik

I had always worked for product security teams on the side (WiFi SoHo routers, Smartcard readers, random software, ..) during uni/PhD, but finally quit #academia completely a while ago.

Now I'm doing #connectivity security and vuln research, trying to improve archaic low level protocols and implementations in #phones .

Before that, I did a lot of #fuzzing (still do) and co-authored a bunch of papers I personally like, about #snapshot and #network fuzzing (FitM), #binary-only baseband fuzzing (FirmWire), Nvidia #driver fuzzing (BSOD) and many more.

Also, stumbled into @aflplusplus, the team maintaining #AFL++ and the fuzzing library #LibAFL we wrote in #rust (https://github.com/AFLplusplus/LibAFL) that currently dominates benchmarks! Enjoying this a lot :)

Apart from that, I travel, play games, organize CTFs, and just do whatever activities friends spontaneously throw at me