Fuzzing101
symphony-system
Fuzzing101 | symphony-system | |
---|---|---|
5 | 1 | |
2,269 | 6 | |
- | - | |
0.0 | 6.7 | |
over 1 year ago | 4 months ago | |
Python | ||
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Fuzzing101
-
Gaining kernel code execution on an MTE-enabled Pixel 8
This work comes from GitHub's Security Lab https://securitylab.github.com/
-
How I Luckily Crashed Vim in 5 Minutes
So I came back to those reports, and saw that new ones were disclosed. Octavio Gianatiempo had reported some issues in Vim, and I decided to contact him, in order to see if I could get some insights. Luckily, besides some really good materials which I am going to be putting in the end of the post, he had exactly what I was looking for, a repository with challenges and solutions involving fuzzing. This repository is called Fuzzing101.
- Fuzzing-101: learn how to fuzz like a real expert
- Fuzzing 101 - Do you want to learn how to fuzz like a real expert, but don't know how to start? If so, this is the course for you!
- Fuzzing 101 by Antonio Morales and Van Hauser
symphony-system
-
Gaining kernel code execution on an MTE-enabled Pixel 8
For anyone interested in CHERI for embedded/IoT and other similar use cases lowRISC (whom I work for) are building a couple of FPGA based evaluation platforms for CHERIoT (The Microsoft created CHERI variant referred to above): https://www.sunburst-project.org/
The first is the Sonata system: https://github.com/lowRISC/sonata-system. This comprises a dedicated PCB with an FPGA along with various peripherals and headers. The PCB design is done and will be available through Mouser (plus it's open source including the board layout so you can assemble your own if you like). We're currently working on the RTL for the FPGA. When complete you'll have a complete CHERIoT based microcontroller like system with documentation and tooling.
Additionally we're building the Symphony system, which combines Sonata with the OpenTitan Earl Grey root of trust: https://github.com/lowRISC/symphony-system
What are some alternatives?
wtf - wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).
libfuzzer - Thin interface for libFuzzer, an in-process, coverage-guided, evolutionary fuzzing engine.
sharpfuzz - AFL-based fuzz testing for .NET
clusterfuzzlite - ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
syzkaller - syzkaller is an unsupervised coverage-guided kernel fuzzer
cfuzzer - url-fuzzer
harbian-qa - Bug hunting through fuzzer/*-sanitizer/etc...