Turns out, libxdc is still by far the fastest PT decoder out there! Find more infos on why libxdc outperforms honeybee: github.com/nyx-fuzz/libxdc. Thanks to Sergej Schumilo for investigating this and to Allison Husain {@[email protected]} for the fresh ideas and helping us understand the performance of honeybee!

sneak peak time! Stuff that ☁️🖥️, Sergej Schumilo and I have been working on. What if your debugger has a fuzzing harness and can run the target 100s to 10000s of times per second? Why bother with breakpoints? Watch expressions get evaluated live as you type.

Sergej Schumilo and I just published the code of our snapshot based hypervisor fuzzer Nyx github.com/RUB-SysSec/Nyx. Paper and talk: usenix.org/conference/use…. Stay tuned for a much more polished version at nyx-fuzz.com

Our (is-eqv.bsky.social, Andrea Jemmett, @bl4ckic3 and Thorsten Holz) paper on robust snapshot based network fuzzing has landed on ArXiv, check it out here: arxiv.org/abs/2111.03013

Sergej Schumilo Sergej Schumilo and I also just published the most recent version of the codebase here: nyx-fuzz.com (the homepage even has gifs, check it out!!!)

Remember when Sergej Schumilo and is-eqv.bsky.social showed us how to fuzz Super Mario Bros. at FuzzCon Europe 2020? -> youtu.be/jkNao0SjBAA They just published the source code to their hypervisor-based snapshot fuzzer. Feel free to check it out! ->github.com/RUB-SysSec/nyx… #Fuzzing #SuperMario

Except from the Mozilla Security Firefox Security Newsletter/FSN-2021-Q3 (wiki.mozilla.org/Firefox_Securi…): "Now, we have received and successfully evaluated a research prototype for fuzzing the IPC Layer. " - Congratulations Sergej Schumilo and is-eqv.bsky.social!

Want to fuzz complex targets with AFL++ and snapshots? is-eqv.bsky.social and I now got you covered: there is a Nyx implementation for AFL++ available here github.com/nyx-fuzz/Nyx/b…

Full system, hypervisor accelerated, incremental snapshot fuzzing with Intel PT coverage engine enabling full protocol stateful fuzzing via Nyx-Net! Getting roughly 1000 exec/s/core on dnsmasq. This is followup work to kAFL/RedQueen. Kudos to the authors is-eqv.bsky.social and Sergej Schumilo!

expy is-eqv.bsky.social Sergej Schumilo Here is Nyx backend powering the familiar AFL++ frontend. This is still using intelpt + full system snapshots and achieving similar to inlined source instrumentation performance.

We just released FitM, the Fuzzer in the Middle!🎉🎉 Together with otto, Liikt and mmunier we added snapshotting and a network emulator to qemuafl. It fuzzes multiple stages of client-server interactions independently. Paper @ BAR'22, Code here: github.com/FGSect/FitM

Nyx fuzzing a Windows x64 kernel driver w/ full-system snapshot fuzzing. Lots of components, but it works pretty well.

Every paper from them is gold. (is-eqv.bsky.social, Sergej Schumilo, Tim Blazytko et al) Every. Single. One. nyx-fuzz.com/papers/

It's been a while since I've given updates here, especially since I started at Intel one year ago ! I've taken over the maintainership of kAFL 🛠️🚀 kAFL is a HW assisted feedback fuzzer for x86 VMs ✨ github.com/IntelLabs/kAFL ⬇️ (1/x)

🚀 kAFL release v0.8 1⃣ New Linux tutorial based on the Damned Vulnerable Kernel Module (DVKM) by Hardik Shah 2⃣ Docs how to use the kAFL "agent.sh" and sharedir based workflow to fuzz Linux targets 3⃣ A simplified kAFL agent in the Linux kernel !

starting a new fuzzer project on the blog that is based on an old Brandon Falk idea. in the first post, we load a statically built Bochs emulator ELF into our fuzzer process and execute it. there is some code and the humble beginnings of a repo. lets gooo h0mbre.github.io/New_Fuzzer_Pro…

I know I'm late for Christmas presents but I've added dynamic instrumentation filtering to AFL++. You can now select which parts of the (llvmnative) instrumentation you want to use at runtime, without rebuilding: github.com/AFLplusplus/AF… #fuzzing

Fuzzing is hard, evaluating fuzzing is harder 🔥 For our new IEEE S&P paper, we studied 150 fuzzing evals and found issues such as lackluster documentation, bad experiment setups, or questionable CVEs 📄 Paper mschloegel.me/paper/schloege… 🔧 Help us fix this github.com/fuzz-evaluator…

📷We’re excited to announce the second training session for #TyphoonCon24: “Fuzzing & Attacking Deeply Embedded Devices” by Tobias Scharnowski (Tobias Scharnowski) & Marius Muench (nSinus-R (@[email protected])). Learn more and register: eventbrite.com/e/typhooncon-2…

Congratulations Dr. Moritz Schloegel! 🎉