Urk3L

We just created a blog for OSS-Fuzz! The first post is about extending our LLM fuzz harness generation work to completely new, unfuzzed projects: https://t.co/xX9m33E0sc

One SMS to Root Them All: Exposing Critical Threats in Millions of Connected Devices by Alexander Kozlov and Sergey Anufrienko https://t.co/qKU3IcO3g2

If you want to master something, teach it.

I gave Claude 3 the entire source of a small C GIF decoding library I found on GitHub, and asked it to write me a Python function to generate random GIFs that exercised the parser. Its GIF generator got 92% line coverage in the decoder and found 4 memory safety bugs and one hang.

A kids toy, designed for educational needs has vulnerabilities which allow malicious actors to easily make video calls to children using the toy, steal parental account details, and even modify the firmware. Full details 👇 https://t.co/2kKINgwinL

Frida 15 is out! 🎉 Release notes coming soon, but in the meantime, for the adventurous: grab a frida-portal binary and start it, then configure frida-gadget with { type: connect }, and finally do `frida-ps -R`. Then check out frida-join in frida-tools v10, also just released 🚀

At my SAS Online 2020 workshop I will be speaking about current trends of fuzzing since they have changed a lot lately. I’ll also share my ideas on how fuzzing should be approached nowadays and how to move away from “I’ve just launched AFL and found a bug, haha”

Also for informed defense and design of arbitrary virtualization environments