onefuzz
i2p.i2p
onefuzz | i2p.i2p | |
---|---|---|
4 | 114 | |
2,780 | 1,876 | |
- | 0.8% | |
0.0 | 9.4 | |
6 months ago | 7 days ago | |
C# | Java | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
onefuzz
- Microsoft OneFuzz to Be Archived
-
Ask HN: What are some worthy non-cryto uses of excess home compute nowadays?
Learning how to is half the fun!
There's a bunch of good tutorials out there on [dumb] fuzzing (presumably where you'll start). One starting point I'd recommend is taking a binary that accepts input from stdin and making some proof-of-concepts with AFL (https://lcamtuf.coredump.cx/afl/).
If you'd rather start from a code/library perspective (and not CLI), I'd recommend libfuzzer (https://github.com/Dor1s/libfuzzer-workshop/).
There's a lot of other fuzzers, techniques, and depth to the field, but I'd recommend inch worming through (speed up as you gain more comfort). The Fuzzing Book is good to help you understand the logic behind techniques and strategies (https://www.fuzzingbook.org/)
As for some management, there's a few decent "monitoring" systems out there; personally I just SSH in and check the fuzzer manually (I leave it running in a tmux pane), but if that's not your cup of tea I've heard good things about OneFuzz (https://github.com/microsoft/onefuzz) and LuckyCat (https://github.com/fkie-cad/LuckyCAT).
Happy to answer any specifics of the sort :)
-
What Is Fuzz Testing?
Microsoft’s OneFuzz is tackling some of these issues
https://github.com/microsoft/onefuzz
The biggest problem with fuzzing when it comes to “developer friendliness” isn’t just how to setup the fuzzer and the fact that you need to often write quite a bit of additional code to support fuzzing but that the results aren’t easily consumable.
Getting a fuzzer to cause a crash or some unhandled exception isn’t particularly difficult understanding the actual implication of such crash is where these tools “fail”.
SAST / DAST tools with all their issues such as false positives and relatively limited coverage at least provide actionable results.
Fuzzing not only requires a much higher understanding of the code itself and of its execution but the results are often useless for many developers.
Basically it doesn’t help you breach the gap between seeing a BSOD or a kernel panic and getting a working zero day.
-
Rnetsecs Q1 2021 Information Security Hiring
To get a taste of our work, a few of the projects our group published recently: * Freta, a project to democratize full system memory forensics with trusted sensorsfor the cloud. * OneFuzz, a self hosted fuzzing as a service platform, used to scale fuzzing for multiple teams within Microsoft including Windows. * RESTler, the first stateful REST api fuzzer * RAFT, a self-hosted API testing orchestration engine, enabling developers to use RESTler and other api scanning & fuzzing tools in their CICD pipelines.
i2p.i2p
-
How to Access Starfiles and Bypass Censorship
How to setup I2P | How to setup Tor
-
I2P: End-to-End encrypted and anonymous Internet
This appears to link to the C++ version of I2P. Not the original "Official" Java version which is more complex and has much more built-in features: https://geti2p.net
-
Sign petition against EU chat control
> anonymous P2P encrypted communication platform (that doesn't require anything like a phone number for creating an account)
You mean https://geti2p.net?
- i2p.i2p: NEW Data - star count:1752.0
-
Pirate Site Not Impressed by Global DNS Blocking Order
It is not sufficient to serve the torrent files (or magnet links) anonymously: you will leak your IP unless you also download the actual files through darknet. However, Tor project does not recommend to use Tor for that: https://support.torproject.org/#misc_misc-4.
The actual solution is torrenting through I2P: https://geti2p.net. They support it out of the box and there are a few good trackers.
-
help with i2p
I've tried it from scratch, and it does indeed work on Parrot. I used the Debian apt repo on geti2p.net website.
-
I2P Missing Router.config
I recently decided to setup I2P on a Raspberry Pi, so I installed the jar file listed on the geti2p.net on Linux. When I went into the directory where the other i2p files are I couldn't find the router.config file.
-
Freenet 2023: a drop-in decentralized replacement for the web - and more
https://geti2p.net is real
- i2p.i2p: NEW Data - star count:1679.0
What are some alternatives?
radamsa
i2pd - 🛡 I2P: End-to-End encrypted and anonymous Internet
cryptofuzz - Fuzzing cryptographic libraries. Magic bug printer go brrrr.
ipfs - Peer-to-peer hypermedia protocol
LuckyCAT - A distributed fuzzing management framework
i2pplus - I2P+ is a soft-fork of the Java I2P Anonymizing Network Layer - this is a mirror of https://gitlab.com/i2pplus/I2P.Plus/
beacon-fuzz - Differential Fuzzer for Ethereum 2.0
aion - Aion Network - Java Implementation
American Fuzzy Lop - american fuzzy lop - a security-oriented fuzzer
Freenet - Freenet REference Daemon
fishnet - Distributed Stockfish analysis for lichess.org
i2pd-android - i2pd for Android