@is_eqv and I just published the source code of our hypervisor-based snapshot fuzzer for complex network targets (+ vulns in firefox): https://t.co/zSv3EKey0t. Check it out!
📷We’re excited to announce the second training session for #TyphoonCon24: “Fuzzing & Attacking Deeply Embedded Devices” by Tobias Scharnowski (@ScepticCtf) & Marius Muench (@nSinusR).
Learn more and register: https://t.co/OCuzVSfpSc
Fuzzing is hard, evaluating fuzzing is harder 🔥
For our new @IEEESSP paper, we studied 150 fuzzing evals and found issues such as lackluster documentation, bad experiment setups, or questionable CVEs
📄 Paper https://t.co/wmVgzVuCCI
🔧 Help us fix this https://t.co/efNjsJf4kR
I know I'm late for Christmas presents but I've added dynamic instrumentation filtering to AFL++. You can now select which parts of the (LLVM-native) instrumentation you want to use at runtime, without rebuilding: https://t.co/LA8grDAK3S #fuzzing
starting a new fuzzer project on the blog that is based on an old @gamozolabs idea. in the first post, we load a statically built Bochs emulator ELF into our fuzzer process and execute it. there is some code and the humble beginnings of a repo. let's gooo https://t.co/MrJEAHHO5E
🚀 kAFL release v0.8
1⃣ New Linux tutorial based on the Damned Vulnerable Kernel Module (DVKM) by @hardik05
2⃣ Docs how to use the kAFL "https://t.co/rxel295DQo" and sharedir based workflow to fuzz Linux targets
3⃣ A simplified kAFL agent in the Linux kernel!
It's been a while since I've given updates here, especially since I started at Intel one year ago!
I've taken over the maintainership of kAFL 🛠️🚀
kAFL is a HW-assisted feedback fuzzer for x86 VMs ✨
https://t.co/O6dEFMrVo9
⬇️ (1/x)
@australeo @byte_how @is_eqv We did exactly that with kAFL / Nyx. The second trace buffer is required since the interrupt signal is somewhat imprecise according to the documentation:
https://t.co/e2GIyq3Noh
@australeo @byte_how @is_eqv There is another reason to use a ToPA: By utilizing ToPA Entry Fields, you can basically configure the CPU in a way to get notified as soon as a specific buffer has been filled (basically to avoid any data loss during tracing without frequently checking its state).
@dvyukov @is_eqv So basically, with these and some other useful capabilities, Nyx enables fuzzing of complex targets (like browsers or games) or can accelerate any other target by creating the snapshot just before the input is read the first time (to avoid the startup routine after each exec).
@dvyukov @is_eqv Before the actual fuzzing starts, the guest requests the hypervisor to create a root snapshot, which is later used to restore the VM state after each execution (and also in case the fuzzer uncovers a bug, which leads to a crash, kernel panic, or any other corruption of the VM).
We just released FitM, the Fuzzer in the Middle!🎉🎉
Together with @derpst3b, @JB_Liikt and @_mmunier we added snapshotting and a network emulator to qemuafl.
It fuzzes multiple stages of client-server interactions independently.
Paper @ BAR'22, Code here: https://t.co/PoG8kCYni7
@expend20 @is_eqv @ms_s3c Here is the Nyx backend powering the familiar AFL++ frontend. This is still using Intel PT + full system snapshots and achieving performance similar to inlined source instrumentation.
Full system, hypervisor accelerated, incremental snapshot fuzzing with Intel PT coverage engine enabling full protocol stateful fuzzing via Nyx-Net! Getting roughly 1000 exec/s/core on dnsmasq. This is followup work to kAFL/RedQueen. Kudos to the authors @is_eqv and @ms_s3c!
Want to fuzz complex targets with AFL++ and snapshots? @is_eqv and I now have you covered: there is a Nyx implementation for AFL++ available here https://t.co/Ghcd8K3JoZ
Excerpt from the @MozillaSecurity Firefox Security Newsletter/FSN-2021-Q3 (https://t.co/gYXb5rKY3O): "Now, we have received and successfully evaluated a research prototype for fuzzing the IPC Layer." - Congratulations @ms_s3c and @is_eqv!