Interesting research and PoC on bypassing eBPF based detection tools: https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/
Ph.D
Fuzzing, crash analysis, eBPF
The slides of my BPF fuzzing talk at Linux Plumbers 2024 are available at: https://pchaigno.github.io/assets/Linux%20Plumbers%202024%20Fuzzing%20eBPF.pdf. I described the current subsystem coverage from syzkaller and discussed several approaches that have been used, in syzkaller and elsewhere, to improve #eBPF fuzzing.
I accidentally found a security issue while benchmarking postgres changes.
If you run Debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.
Wrote a blog post about how we monitor files with BPF in Tetragon: https://isovalent.com/blog/post/file-monitoring-with-ebpf-and-tetragon-part-1/
The blog post about the libwebp vulnerability fuzzing is up, it explains how I set up the experiment, how the crash was found and why oss-fuzz was not able to find it: https://www.srlabs.de/blog-post/advanced-fuzzing-unmasks-elusive-vulnerabilities #fuzzing
As there is quite some interest about finding the libwebp bug with fuzzing, I will write a blog entry about this next week #fuzzing
My talk about #casr at OFFZONE 2023!!!
Slides:
https://offzone.moscow/upload/iblock/f15/ocurqz4vbrm0hf37197x7rufswzpycgf.pdf
Video (in Russian):
https://youtu.be/EgEeICZQD9M
We released #LibAFL 0.11 (and 0.11.1 with a doc fix).
Highlights:
https://github.com/AFLplusplus/LibAFL/releases/tag/0.11.0
Have fun #fuzzing
From time to time I read books, like many others.
Suddenly I asked myself: "Which books have had a big influence on me?"
The Steve Jobs Way: iLeadership for a New Generation.
Русская модель управления (Russian management model).
Come see @nsr and me talk about smartphone baseband emulation and #fuzzing.
Learn how to use #FirmWire and find some bugs :)
Thursday morning, 10:30 at #cccamp23
https://pretalx.c3voc.de/camp2023/talk/TQXEN7/
Check out our work on using LLMs to generate fuzz targets in OSS-Fuzz:
https://security.googleblog.com/2023/08/ai-powered-fuzzing-breaking-bug-hunting.html
#fuzzing
AFL++ v4.08c was just released. New mutation engine, lots of small improvements :) https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.08c #afl #fuzzing #fuzzingtools #fuzzer
Fuzz your cargo-fuzz harness with LibAFL!
I'm happy to share the fuzz runtime described in our recent FUZZING'23 report, CrabSandwich, which expands on libafl_libfuzzer to allow for Rust support. This allows Rust developers to switch away from the now-in-stasis libFuzzer to a LibAFL-based runtime which supports most common features of libFuzzer seamlessly.
Want to try it out for yourself? Simply edit your existing cargo-fuzz harnesses' Cargo.toml to change the libfuzzer-sys dependency as shown here: https://github.com/rust-fuzz/cargo-fuzz/issues/330#issuecomment-1592911175
In most cases, the entire edit is a single-line change (!). At this time, we only support Linux, but are looking for contributions to expand to Windows and macOS as well.
Happy hunting! #fuzzing #rust #libafl #AFLplusplus
🐝 What’s the buzz about #fuzzing? Learn how to build your own fuzzer with Hands On #Binary Fuzzing and #ReverseEngineering, by Robin David. Get your ticket now!
🎟️ https://ringzer0.training/trainings/hands-on-binary-fuzzing-and-reverse-engineering.html
CASR 2.7.0 is available!
https://github.com/ispras/casr/releases/tag/v2.7.0
Simply deduplicate and create reports for #UndefinedBehaviorSanitizer warnings with Casr: casr-ubsan -i corpus -o out -- /fuzz_target @@
https://github.com/ispras/casr/blob/master/docs/usage.md#casr-ubsan
#casr #defectdojo #vulnerabilitymanagement #VulnerabilityAssesment #AppSec #DevSecOps
Check out the updated AFL++ dev branch: a new mutation implementation that switches automatically between exploration (find coverage) and exploitation (find crashes) and has more capabilities than before! It also now displays the state of the fuzzing (started, in progress, final phase, finished) :-) #fuzzer
AFL++ 4.07c release: 3 new custom mutators, full LLVM 13-17 support, afl-cmin parallel support, bug fixes and more!
https://github.com/AFLplusplus/AFLplusplus/releases/tag/4.07c #afl #fuzzer #fuzzing #fuzzingtools
casr-dojo: upload new and unique #crash reports found by #fuzzing to DefectDojo vulnerability management system: https://github.com/ispras/casr/blob/master/docs/usage.md#casr-dojo
#casr #defectdojo #vulnerabilitymanagement #VulnerabilityAssesment #AppSec #DevSecOps #cpp #rust #go #python