FFFF / SAFIREFUZZ by Lukas Seidel 🎉

Fuzzing is hard, evaluating fuzzing is harder 🔥 For our new IEEE S&P paper, we studied 150 fuzzing evals and found issues such as lackluster documentation, bad experiment setups, or questionable CVEs 📄 Paper mschloegel.me/paper/schloege… 🔧 Help us fix this github.com/fuzz-evaluator…

Check out our work on reproducing and evaluating fuzzing evaluations!

behind the scenes, we've been helping Onomondo ∣ A global network made for IoT implementing a complete UICC/USIM in pure software. This code has just been publicly released as open source software, see github.com/onomondo/onomo… #opensource #telecom #gsm #3gpp

A gigantic shoutout to the GIANTS. Davide Balzarotti Aurélien Francillon nSinus-R (@[email protected]) Grant H Martijn de Vos for their contributions to the community. ringzerø.training && @[email protected] Farenain

Interested in low-level hacking, embedded systems, and trusted execution environments? We currently have a PhD opening, feel free to reach out for more information! Application deadline: April 1st 2024.

WOOT'24 (USENIX WOOT Conference on Offensive Technologies) will host an artifact evaluation. We are currently looking for volunteers to serve on the artifact evaluation committee! We accept (self-)nominations via: forms.gle/CRxGL3feZ3mKrA… Thanks to everyone considering helping open & reproducible science!

Our training on fuzzing custom firmware TyphoonCon🌪️ is coming up. This is a rare opportunity to learn about finding vulnerabilities in non-Linux firmware, which can be hard to get into. Get a chance to attend our training that was fully booked hardwear.io typhooncon.com/blog/conitems/…

We still have seats left in our upcoming TyphoonCon🌪️ training! Come and learn about emulation, rehosting and fuzzing with us. Fun fact: When creating this training, we accidentally discovered a new vulnerability (CVE-2023-48229). More infos and signup: typhooncon.com/blog/conitems/…

📢 We are looking for PhDs in software security University of Twente (inactive). If you enjoy low-level hacking, automated exploit generation, vulnerability analysis, etc. check this out! 👇👇👇

Our systemization of knowledge paper on „Prudent Evaluation Practices for Fuzzing“ (arxiv.org/abs/2405.10220) has received a Distinguished Paper award at IEEE #SP24 🎉

Excited to announce that we will present our latest work on baseband fuzzing at Black Hat USA this year! Join Dyon and me on a journey of fuzzing layer 2 and finding multiple critical OTA vulnerabilities! More info: blackhat.com/us-24/briefing… See you in August!

Training News: nSinus-R (@[email protected]) and I will give an online version of our embedded fuzzing training! Aug 19-24 with ringzerø.training && @[email protected]. Check out the details and book your slot here: ringzer0.training/doubledown24-f…

Congratulations Dr. Chlosta! 🎉