libfuzzer-workshop
LuckyCAT
libfuzzer-workshop | LuckyCAT | |
---|---|---|
2 | 1 | |
1,218 | 67 | |
- | - | |
2.6 | 10.0 | |
10 months ago | almost 4 years ago | |
C++ | Python | |
Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
libfuzzer-workshop
-
Ask HN: What are some worthy non-cryto uses of excess home compute nowadays?
Learning how to is half the fun!
There's a bunch of good tutorials out there on [dumb] fuzzing (presumably where you'll start). One starting point I'd recommend is taking a binary that accepts input from stdin and making some proof-of-concepts with AFL (https://lcamtuf.coredump.cx/afl/).
If you'd rather start from a code/library perspective (and not CLI), I'd recommend libfuzzer (https://github.com/Dor1s/libfuzzer-workshop/).
There's a lot of other fuzzers, techniques, and depth to the field, but I'd recommend inch worming through (speed up as you gain more comfort). The Fuzzing Book is good to help you understand the logic behind techniques and strategies (https://www.fuzzingbook.org/)
As for some management, there's a few decent "monitoring" systems out there; personally I just SSH in and check the fuzzer manually (I leave it running in a tmux pane), but if that's not your cup of tea I've heard good things about OneFuzz (https://github.com/microsoft/onefuzz) and LuckyCat (https://github.com/fkie-cad/LuckyCAT).
Happy to answer any specifics of the sort :)
-
Fuzzing Java in OSS-Fuzz
That depends on the language you want to fuzz. A good general introduction and hands-on "course" for C/C++ is https://github.com/Dor1s/libfuzzer-workshop. If you prefer Java and just want to get a feeling for how concrete fuzz targets can look like, take a look at the Jazzer examples at https://github.com/CodeIntelligenceTesting/jazzer/tree/main/....
LuckyCAT
-
Ask HN: What are some worthy non-cryto uses of excess home compute nowadays?
Learning how to is half the fun!
There's a bunch of good tutorials out there on [dumb] fuzzing (presumably where you'll start). One starting point I'd recommend is taking a binary that accepts input from stdin and making some proof-of-concepts with AFL (https://lcamtuf.coredump.cx/afl/).
If you'd rather start from a code/library perspective (and not CLI), I'd recommend libfuzzer (https://github.com/Dor1s/libfuzzer-workshop/).
There's a lot of other fuzzers, techniques, and depth to the field, but I'd recommend inch worming through (speed up as you gain more comfort). The Fuzzing Book is good to help you understand the logic behind techniques and strategies (https://www.fuzzingbook.org/)
As for some management, there's a few decent "monitoring" systems out there; personally I just SSH in and check the fuzzer manually (I leave it running in a tmux pane), but if that's not your cup of tea I've heard good things about OneFuzz (https://github.com/microsoft/onefuzz) and LuckyCat (https://github.com/fkie-cad/LuckyCAT).
Happy to answer any specifics of the sort :)
What are some alternatives?
jazzer - Coverage-guided, in-process fuzzing for the JVM
onefuzz - A self-hosted Fuzzing-As-A-Service platform
junit-quickcheck - Property-based testing, JUnit-style
fishnet - Distributed Stockfish analysis for lichess.org
American Fuzzy Lop - american fuzzy lop - a security-oriented fuzzer
i2p.i2p - I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.
PIT - State of the art mutation testing system for the JVM
Yacy - Distributed Peer-to-Peer Web Search Engine and Intranet Search Appliance