Sergej Schumilo (@ms_s3c)'s Twitter Profile
Sergej Schumilo

@ms_s3c

Security Researcher sh -c ‘﹤&$1’

ID: 2318840439

Website: https://schumilo.de
Joined: 01-02-2014 21:53:54

223 Tweets

1,1K Followers

378 Following

Cornelius Aschermann (@is_eqv)

sneak peek time! Stuff that ☁️🖥️, Sergej Schumilo and I have been working on. What if your debugger has a fuzzing harness and can run the target 100s to 10000s of times per second? Why bother with breakpoints? Watch expressions get evaluated live as you type.

Cornelius Aschermann (@is_eqv)

Sergej Schumilo and I just published the code of our snapshot based hypervisor fuzzer Nyx github.com/RUB-SysSec/Nyx. Paper and talk: usenix.org/conference/use…. Stay tuned for a much more polished version at nyx-fuzz.com

Sergej Schumilo (@ms_s3c)

Our (Cornelius Aschermann, Andrea Jemmett, @bl4ckic3 and Thorsten Holz) paper on robust snapshot based network fuzzing has landed on ArXiv, check it out here: arxiv.org/abs/2111.03013

Thorsten Holz (@thorstenholz)

Excerpt from the Mozilla Security Firefox Security Newsletter/FSN-2021-Q3 (wiki.mozilla.org/Firefox_Securi…): "Now, we have received and successfully evaluated a research prototype for fuzzing the IPC Layer." - Congratulations Sergej Schumilo and Cornelius Aschermann!

Sergej Schumilo (@ms_s3c)

Want to fuzz complex targets with AFL++ and snapshots? Cornelius Aschermann and I now got you covered: there is a Nyx implementation for AFL++ available here github.com/nyx-fuzz/Nyx/b…

Richard Johnson (@richinseattle)

Full system, hypervisor accelerated, incremental snapshot fuzzing with Intel PT coverage engine enabling full protocol stateful fuzzing via Nyx-Net! Getting roughly 1000 exec/s/core on dnsmasq. This is followup work to kAFL/RedQueen. Kudos to the authors Cornelius Aschermann and Sergej Schumilo!

Richard Johnson (@richinseattle)

expy Cornelius Aschermann Sergej Schumilo Here is the Nyx backend powering the familiar AFL++ frontend. This is still using intelpt + full system snapshots and achieving performance similar to inlined source instrumentation.

Advanced Fuzzing League (@aflplusplus)

AFL++ v4.00c was just released! Nyx VM snapshot & ARM coresight mode, improved cmplog, lots of fixes and better handling :) github.com/AFLplusplus/AF… #afl #fuzzing

dmnk@infosec.exchange (@domenuk)

We just released FitM, the Fuzzer in the Middle!🎉🎉 Together with otto, Liikt and mmunier we added snapshotting and a network emulator to qemuafl. It fuzzes multiple stages of client-server interactions independently. Paper @ BAR'22, Code here: github.com/FGSect/FitM

Mathieu Tarral (@mtarral)

It's been a while since I've given updates here, especially since I started at Intel one year ago! I've taken over the maintainership of kAFL 🛠️🚀 kAFL is a HW assisted feedback fuzzer for x86 VMs ✨ github.com/IntelLabs/kAFL ⬇️ (1/x)

Mathieu Tarral (@mtarral)

🚀 kAFL release v0.8

1⃣ New Linux tutorial based on the Damned Vulnerable Kernel Module (DVKM) by Hardik Shah
2⃣ Docs how to use the kAFL "agent.sh" and sharedir based workflow to fuzz Linux targets
3⃣ A simplified kAFL agent in the Linux kernel!

h0mbre (@h0mbre_)

starting a new fuzzer project on the blog that is based on an old Brandon Falk idea. in the first post, we load a statically built Bochs emulator ELF into our fuzzer process and execute it. there is some code and the humble beginnings of a repo. lets gooo h0mbre.github.io/New_Fuzzer_Pro…

Christian Holler (@mozdeco)

I know I'm late for Christmas presents but I've added dynamic instrumentation filtering to AFL++. You can now select which parts of the (llvmnative) instrumentation you want to use at runtime, without rebuilding: github.com/AFLplusplus/AF… #fuzzing

Moritz Schloegel (@m_u00d8)

Fuzzing is hard, evaluating fuzzing is harder 🔥 For our new IEEE S&P paper, we studied 150 fuzzing evals and found issues such as lackluster documentation, bad experiment setups, or questionable CVEs 📄 Paper mschloegel.me/paper/schloege… 🔧 Help us fix this github.com/fuzz-evaluator…

TyphoonCon🌪️ (@typhooncon)

We’re excited to announce the second training session for #TyphoonCon24: “Fuzzing & Attacking Deeply Embedded Devices” by Tobias Scharnowski (@ScepticCtf) & Marius Muench (nSinus-R, @nsr@infosec.exchange). Learn more and register: eventbrite.com/e/typhooncon-2…
