wtf
cryptofuzz
wtf | cryptofuzz | |
---|---|---|
1 | 6 | |
1,351 | 653 | |
- | - | |
5.6 | 8.8 | |
13 days ago | 10 days ago | |
C++ | C++ | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wtf
cryptofuzz
-
Java ECDSA trivial signature bypass
There is also the cryptofuzz
- What are some real-world security issues in cryptography?
-
The biggest source of vulnerabilities in cryptographic libraries is memory safety bugs, not cryptography bugs
2) There's a popular fuzzing technique, called "differential fuzzing" that works especially well for cryptographic libraries. The idea is to have the fuzzer look for both memory safety issues (like buffer overflows, even if they're too small to cause a crash AddressSaniziter can detect) and actual logic bugs in the cryptography implementation (e.g. the output of one implementation not matching the output of another, given the same state/inputs).
-
You Shouldn't Roll Your Own Crypto: An Empirical Study
I understand that they base their research on CVE data because it offers normalized quantifiers of severity and scope, but in my experience vendors by and large don't bother with CVE's for API bugs even when the affected primitive is clearly malfunctioning (memory or correctness issues).
I've been deeply fuzzing cryptographic libraries for a few years and found about 130 bugs [1]. The vast majority of these did not receive a CVE. Now some of these are merely theoretical, others will only manifest under particular circumstances like specific calling sequences, others were caught in the development phase before landing in stable releases, but a number of them are outright vulnerabilities. The usefulness of CVE incidence is questionable when it is so strongly influenced by the vendor's propensity for reporting these.
[1] https://github.com/guidovranken/cryptofuzz#bugs-found-by-cry...
-
What Is Fuzz Testing?
[1]: https://guidovranken.com/2019/05/14/differential-fuzzing-of-...
-
Cyber Security; Beginner Roadmap
I don't have any certs (apart from malformed X509 files..) so I can't speak of their effectiveness. What has worked for me is having a strong presence in open source. I just show people one of my projects like [1] and nobody asks about certs or education, ever. I spend most of my free time on these projects so cultivating a sizeable project might not be a suitable route for anyone who has a life outside of computers, though having some kind of publicly available utility where a prospective employer can check out your coding style and skills is probably a decent way to stand out amidst a sea of applicants.
[1] https://github.com/guidovranken/cryptofuzz
What are some alternatives?
rofl-fuzzer - domato but as a website
beacon-fuzz - Differential Fuzzer for Ethereum 2.0
syzkaller - syzkaller is an unsupervised coverage-guided kernel fuzzer
onefuzz - A self-hosted Fuzzing-As-A-Service platform
sharpfuzz - AFL-based fuzz testing for .NET
doubleback - Doubleback provides round-trip parsing and printing of 64-bit double-precision floating-point numbers using the Ryu algorithm implemented in multiple programming languages. Doubleback is biased towards "human-friendly" output which round-trips consistently between binary and decimal.
libfuzzer - Rust bindings and utilities for LLVM’s libFuzzer
writeups - CTF writeups from The Flat Network Society
AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Sloth - Sloth 🦥 is a coverage guided fuzzing framework for fuzzing Android Native libraries that makes use of libFuzzer and QEMU user-mode emulation
Fuzzing101 - An step by step fuzzing tutorial. A GitHub Security Lab initiative
radamsa