Olivia
Online
Golang Security
@GolangSecurity
Joined June 2020
4.4K Following
4.2K Followers
341 Posts
Pinned Tweet
Several years ago, I wrote an article on #golang package design and styling which became quite popular. NotebookLM generated a podcast for it and it's ridiculous:
- They have nice analogies.
- They developed new ideas like keeping types closer help debugging.
- They know how Go differs from other languages in package organization.
📡 [Monthly Fuzzing] June 2024
Here is the latest fuzzing news released last month!
📺 Videos/Podcasts
FuzzyAI: Attacking LLMs With Coverage-Guided Fuzzing - https://t.co/uUmlzVGDC9
Your NVMe Had Been Syz'ed - https://t.co/WY7uqYxM7d
Linux Fuzzing Tutorial with AFL Fuzzer - https://t.co/8O1AIF6nWu
A Bug Hunter’s Reflections on Fuzzing - https://t.co/OCl1wm9D8I / https://t.co/J08RXOeHKx
📝 Blogposts/Papers/Slides
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller - https://t.co/pwwc5oqvWD
Coverage guided fuzzing for native Android libraries (Frida & Radamsa) - https://t.co/MK2orq9yJ5
Large Language Model guidedProtocol Fuzzing - https://t.co/KVup3ohJf7
Talos releases new macOS open-source fuzzer - https://t.co/Lbx2kqlAQm
To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux’ Wireless Stacks through VirtIO Devices - https://t.co/EsbAadGq1J
Everything is Good for Something: Counterexample-Guided Directed Fuzzing viaLikely Invariant Inference - https://t.co/WGLF0Hv3in
Hunting bugs in Nginx JavaScript engine (njs) - https://t.co/SPJWxftB9h
Introducing LLM-based harness synthesis for unfuzzed projects - https://t.co/XFDYJhLhxz
TSS @ NUS - Fuzz Testing publications: https://t.co/Npz6uW1unR
Democratizing Fuzzing at Scale - https://t.co/R8Mvu4Wym5
Thread on (counter-)intuitive fuzzing behavior and statistics - https://t.co/v9VHwh9sb5
Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example - https://t.co/QbbFSs13wF
⚙️ Tools/Repositories
https://t.co/4EY9k3fmcz: AutoCorpus is a tool backed by a large language model (LLM) for automatically generating corpus files for fuzzing.
https://t.co/5Fe3dqrkwQ: AyedFuzzer is a small Fuzzer with 3 options (File mutating, WinDbg-interactive monitor, multi-processing) for windows executables
Cisco-Talos/snap_wtf_macos: WTF Snapshot fuzzing of macOS targets - https://t.co/XWw6UUFhus
https://t.co/ZxD5dvfmzj: VirtFuzz is a Linux Kernel Fuzzer that uses VirtIO to provide inputs into the kernels subsystem. It is built with LibAFL.
See you next month and take care!
cc: @a13xp0p0v @GuidedHacking @mboehme_
Web version: https://t.co/Y3mxHaCUFp
![FuzzingLabs's tweet photo. 📡 [Monthly Fuzzing] June 2024
Here is the latest fuzzing news released last month!
📺 Videos/Podcasts
FuzzyAI: Attacking LLMs With Coverage-Guided Fuzzing - https://t.co/uUmlzVGDC9
Your NVMe Had Been Syz'ed - https://t.co/WY7uqYxM7d
Linux Fuzzing Tutorial with AFL Fuzzer - https://t.co/8O1AIF6nWu
A Bug Hunter’s Reflections on Fuzzing - https://t.co/OCl1wm9D8I / https://t.co/J08RXOeHKx
📝 Blogposts/Papers/Slides
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller - https://t.co/pwwc5oqvWD
Coverage guided fuzzing for native Android libraries (Frida & Radamsa) - https://t.co/MK2orq9yJ5
Large Language Model guidedProtocol Fuzzing - https://t.co/KVup3ohJf7
Talos releases new macOS open-source fuzzer - https://t.co/Lbx2kqlAQm
To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux’ Wireless Stacks through VirtIO Devices - https://t.co/EsbAadGq1J
Everything is Good for Something: Counterexample-Guided Directed Fuzzing viaLikely Invariant Inference - https://t.co/WGLF0Hv3in
Hunting bugs in Nginx JavaScript engine (njs) - https://t.co/SPJWxftB9h
Introducing LLM-based harness synthesis for unfuzzed projects - https://t.co/XFDYJhLhxz
TSS @ NUS - Fuzz Testing publications: https://t.co/Npz6uW1unR
Democratizing Fuzzing at Scale - https://t.co/R8Mvu4Wym5
Thread on (counter-)intuitive fuzzing behavior and statistics - https://t.co/v9VHwh9sb5
Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example - https://t.co/QbbFSs13wF
⚙️ Tools/Repositories
https://t.co/4EY9k3fmcz: AutoCorpus is a tool backed by a large language model (LLM) for automatically generating corpus files for fuzzing.
https://t.co/5Fe3dqrkwQ: AyedFuzzer is a small Fuzzer with 3 options (File mutating, WinDbg-interactive monitor, multi-processing) for windows executables
Cisco-Talos/snap_wtf_macos: WTF Snapshot fuzzing of macOS targets - https://t.co/XWw6UUFhus
https://t.co/ZxD5dvfmzj: VirtFuzz is a Linux Kernel Fuzzer that uses VirtIO to provide inputs into the kernels subsystem. It is built with LibAFL.
See you next month and take care!
cc: @a13xp0p0v @GuidedHacking @mboehme_
Web version: https://t.co/Y3mxHaCUFp](https://pbs.twimg.com/media/GPZ6o4pa0AM5Vj4.jpg)
🎉 Go 1.20.6 and 1.19.11 are released!
🔐 Security: Includes security fixes for CVE-2023-29406 and Go issue https://t.co/TvnTCb3lMm
📢 Announcement: https://t.co/6ahFqq7ifS
📦 Download: https://t.co/OmPG7Q663K
#golang
🤯 Fun fact: you can now build coverage-instrumented programs using “go build -cover”, then feed these instrumented binaries into an integration test to extend the scope of coverage testing.
Juggling with software development?🤹♂️
This week Damian Gryski (@dgryski), a Principal Software Developer at Fastly, takes us through his journey.
🤓Being advanced in high school
🤹Interest in juggling
👨💻Getting into Golang
🎙️Watch here: https://t.co/YAs6vilAch
🎊 Go 1.20 Release Candidate 3 is released!
🏃♀️ Run it in dev! Run it in prod! File bugs! https://t.co/Ul1xGhvlkf
🗣 Announcement: https://t.co/ebCdKvc4He
🚚 Download: https://t.co/Thd2SB7ObQ
#golang
📣 VS Code Go v0.37.0 is released! 🎉
✨This includes new analysis features that report known vulnerabilities in your dependencies.🕵️
✏️ Release Note: https://t.co/2UDAt9WDh7
🙏Feedback on vulncheck: https://t.co/W4oIIIaZFG
☝️File bugs: https://t.co/irRtLCqfPJ
#VSCodeGo
😎 Fuzz testing made easy.
Check out this code demo from @katie_hockman of a bug being found, fixed, and tested in real time using fuzzing ➡ https://t.co/snqMGzsoSA
📦 The Go team is looking to add a new package to the standard library for structured logging.
Jonathan Amsterdam covered what this means at Go Day 2022. Tune in 👉 https://t.co/qH8YM2VSY7
🥳 Go 1.19.4 and 1.18.9 are released!
🔏 Security: Includes security fixes for net/http (CVE-2022-41717, CVE-2022-41720) and os (CVE-2022-41720).
📢 Announcement: https://t.co/cFuWsY1bOo
📦 Download: https://t.co/JkrAPmPlqj
#golang
It's just mind-blowing! 🤯 it's so impressive that #ChatGPT is able to answer such complex subjects as exploitation, reversing, decompilation, fuzzing, etc.
https://t.co/8yjQOfOHYZ
I made a video about some mind-blowing examples/usages for security research and engineers.
⚡🔐 Write applications faster and more securely with Go!
@OSSCody discussed some of the new and upcoming security features in Go at Go Day 2022. Watch to learn about the new govulncheck command, and how to write fuzz tests → https://t.co/VmM0iiExVJ
🎉 24 hours until Go Day 2022 on #GoogleOSLive!
Join us November 3rd to learn about:
💻 Structured Logging for Go
📝 Writing your Applications Faster and More Securely with Go
...and more!
Register 👉 https://t.co/9u9AFY3tRz
"Gobra is an automated, modular verifier for Go programs, based on the Viper verification infrastructure. Go is targeted at high performance applications running in potentially distributed settings and on multicore machines."
https://t.co/uRcBFlE6q3
That's exactly why we are using usually using differential fuzzing to find this kind of logic bugs. It could have been catch easily if they got at least two implementation of IAVL.
To become a better Gopher, you should study the source code of the packages you use.
Not only will you better understand how they work, but you'll also learn what patterns they use in practice.
#golang
🥳 We're honored to be a sponsor at this year’s #GopherCon
We can’t wait to be reunited with our fellow Gophers on Oct 6th-8th at the Marriott Marquis in Chicago!
Register for your spot today → https://t.co/JRuLS7C53t
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.4M followers
Taylor Swift
@taylorswift13
81.2M followers
Lady Gaga
@ladygaga
72.8M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.5M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.2M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.5M followers