Leony

Figure out that AFL use the branch hit count for calculating coverage. It’s really novel idea.

RF Signal CTF Challenge write-up https://t.co/3fy503W7ig

This result in a single library file being split into more multiple memory region for the purpose.

AArch64 support XOM(eXecute-Only-Memory) which block leaking code region. Memory map Like —x https://t.co/nww3rIoWoJ

Anyway, The mutation algorithm of AFL fuzzer is optimized for file input. This is because the first funtion is bitflip.

AFL_PRELOAD is useful environment value when fuzzing command-line binary on qemu mode.

Memory allocator of android 11 fully moved over to scudo. heap is getting hardening.

If a file viewer/editor program adds an exploit mitigation(aslr,dep), the attempts to find memory corruption are significantly lower. Even through it is exploited, exploit is typically less reliable. There are few elements that can make a memory leak.

Broken phishing email accidentally reveal 0-day as well. https://t.co/TQ9tGXpQmn

Sometimes pin tool can't find end of routine during static analysis as rtn callback. So They suggest analysing rtn at runtime.

Arbitrary R/W comes from not only vulnerability ifself but also exploit primitives.