onefuzz
fishnet
onefuzz | fishnet | |
---|---|---|
4 | 45 | |
2,780 | 691 | |
- | 0.9% | |
0.0 | 8.9 | |
6 months ago | 5 days ago | |
C# | Rust | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
onefuzz
- Microsoft OneFuzz to Be Archived
-
Ask HN: What are some worthy non-cryto uses of excess home compute nowadays?
Learning how to is half the fun!
There's a bunch of good tutorials out there on [dumb] fuzzing (presumably where you'll start). One starting point I'd recommend is taking a binary that accepts input from stdin and making some proof-of-concepts with AFL (https://lcamtuf.coredump.cx/afl/).
If you'd rather start from a code/library perspective (and not CLI), I'd recommend libfuzzer (https://github.com/Dor1s/libfuzzer-workshop/).
There's a lot of other fuzzers, techniques, and depth to the field, but I'd recommend inch worming through (speed up as you gain more comfort). The Fuzzing Book is good to help you understand the logic behind techniques and strategies (https://www.fuzzingbook.org/)
As for some management, there's a few decent "monitoring" systems out there; personally I just SSH in and check the fuzzer manually (I leave it running in a tmux pane), but if that's not your cup of tea I've heard good things about OneFuzz (https://github.com/microsoft/onefuzz) and LuckyCat (https://github.com/fkie-cad/LuckyCAT).
Happy to answer any specifics of the sort :)
-
What Is Fuzz Testing?
Microsoft’s OneFuzz is tackling some of these issues
https://github.com/microsoft/onefuzz
The biggest problem with fuzzing when it comes to “developer friendliness” isn’t just how to setup the fuzzer and the fact that you need to often write quite a bit of additional code to support fuzzing but that the results aren’t easily consumable.
Getting a fuzzer to cause a crash or some unhandled exception isn’t particularly difficult understanding the actual implication of such crash is where these tools “fail”.
SAST / DAST tools with all their issues such as false positives and relatively limited coverage at least provide actionable results.
Fuzzing not only requires a much higher understanding of the code itself and of its execution but the results are often useless for many developers.
Basically it doesn’t help you breach the gap between seeing a BSOD or a kernel panic and getting a working zero day.
-
Rnetsecs Q1 2021 Information Security Hiring
To get a taste of our work, a few of the projects our group published recently: * Freta, a project to democratize full system memory forensics with trusted sensorsfor the cloud. * OneFuzz, a self hosted fuzzing as a service platform, used to scale fuzzing for multiple teams within Microsoft including Windows. * RESTler, the first stateful REST api fuzzer * RAFT, a self-hosted API testing orchestration engine, enabling developers to use RESTler and other api scanning & fuzzing tools in their CICD pipelines.
fishnet
-
Chess-GPT's Internal World Model
> The problem is that a stockfish based bot knows some very strong moves, but deliberately plays bad moves so it’s about the right skill level.
What are you basing this on? To me it seems like difficulty is set by limiting search depth/time: https://github.com/lichess-org/fishnet/blob/master/src/api.r...
- Ask HN: What fuel for my data furnace?
- Fishnet: Distributed Stockfish Analysis for Lichess.org
-
What is the deep of analysis of stockfish in lichess?
The LiChess documentation indicates how many nodes are searched: https://github.com/lichess-org/fishnet/blob/master/doc/protocol.md
-
Initial eval graph doesnt change after subsequently increasing depth
The eval graph comes from an analysis done by fishnet. The analysis that you see changing is done locally in the browser on your device. That is why there is a difference.
-
Is Lichess getting slower for people?
YOU can help by running this: https://github.com/lichess-org/fishnet
- January was a month of records for Lichess 🎉 - 147,000 concurrent players - 161 million games played - More than 4 million active users - Almost as many new accounts created as November and December combined - 4 billion games in the Lichess DB - Such an amazing start to 2023!
-
Why is Lichess analysis limited to 15 CPUs for me?
Game analyses are made in a distributed way, but only accepted from users they trust. You can check the tool they use for that here and they instructions to use it.
-
chess.com analysis of the same move in back-to-back games
It's not on the user's device and not on their servers. The game analysis is done by fishnet using donated CPU time.
-
If Chess.com made all of their premium features free, would you prefer it over Lichess or would Lichess still be better?
You can run a program on your computer, so that Lichess can run Stockfish analysis using your CPU https://github.com/lichess-org/fishnet
What are some alternatives?
radamsa
lila - ♞ lichess.org: the forever free, adless and open source chess server ♞
cryptofuzz - Fuzzing cryptographic libraries. Magic bug printer go brrrr.
pgn-tactics-generator - Generate chess puzzles / tactics from a pgn file
LuckyCAT - A distributed fuzzing management framework
online-go.com - Source code for the Online-Go.com web interface
beacon-fuzz - Differential Fuzzer for Ethereum 2.0
api - Lichess API documentation and examples
American Fuzzy Lop - american fuzzy lop - a security-oriented fuzzer
stockfish.wasm - WebAssembly port of the strong chess engine Stockfish
doubleback - Doubleback provides round-trip parsing and printing of 64-bit double-precision floating-point numbers using the Ryu algorithm implemented in multiple programming languages. Doubleback is biased towards "human-friendly" output which round-trips consistently between binary and decimal.
fishtest - The Stockfish testing framework