Exploit Development: Building Your Own Fuzzer with BASH

Send random/invalid data, watch for crashes. Simple but powerful intro to finding zero-days:
https://hackers-arise.com/exploit-development-building-your-own-fuzzer-with-bash/

#zeroday #bash #cybersecurity #fuzzers #exploitation #infosec

🐱‍💻 Ah, the riveting saga of #fuzzers on a "world tour" that no one asked for, infiltrating a whopping 13 cities like a traveling circus of byte-juggling clowns. 🎪 Let's just say it's as exhilarating as watching paint decode, with all the relevance of a French revolutionary complaining about gate fees. 🚪🔒
https://tigerbeetle.com/blog/2025-11-28-tale-of-four-fuzzers/ #worldtour #bytejuggling #cybersecurity #techhumor #travelingcircus #HackerNews #ngated

A Tale of Four Fuzzers

https://tigerbeetle.com/blog/2025-11-28-tale-of-four-fuzzers/

#HackerNews #A #Tale #of #Four #Fuzzers #technology #fuzzing #security #softwaredevelopment #cybersecurity

Curious if anyone here would be interested in a long post on a not very well known #scheme
Specifically Owl Lisp
https://gitlab.com/owl-lisp/owl
I've got an old talk I gave in the dfw hacking scene on Radamsa, the primary tool written in Owl Lisp, and I think I'm going to try to dust it off and publish it with some extra online material to along with it. Basically a mix of PL theory at work in industry that isn't about dependent types or something complicated like that, just a little language and what that gives you when you devote yourself to authoring tools in your own language. fwiw this is not cheerleading though I love lisp, but an attempt at a sober examination of a somewhat rare phenomenon, a (very) successful lisp project, out in the world that uses its own dialect of scheme.
#lisp #vulnerability #tools #infosec #fuzzers

• Knowledge matters

How do we avoid making the same ten implementation mistakes again and again?

...cynically, we don't. This is why I'm still employed as a web application tester; the OWASP Top Ten still bite hard.

Less cynically, we do it by knowing that there are only so many kinds of fraud to perpetrate, and looking for places those can be made to work on an existing system.

We know patterns and we apply them with all the creativity the human mind can muster.

That means, to be thorough, we have to remember and look for as many as possible. Yes, this is a difficult cognitive task.

It is also not one a machine can perform. It builds on context and adds history, creativity, and the endless drive to find just one more way in.

I already have #fuzzers and regex-generation tools. Those, frankly, will not be improved by adding the massive processor load LLMs require.

What I do need is time, context, and knowledge, to create an attack that will work.

Whenever explaining my research, I always inevitably get asked "What is a Fuzzer", so I wrote a blog about it:

What is a Fuzzer?
https://www.lremes.com/posts/fuzzing/

#fuzzers #fuzzing #security #AFL #systems

Fuzzing readelf on a 48 core machine with my #distributed fuzzer Hopper:

https://github.com/Cybergenik/hopper

I have 4 more of these doing the same thing, lets see if I find something interesting.
#cloudlab #fuzzers #gnu

Is there an example of where a fuzzer must fuzz multiple locations within the source data at the same time in order to trigger a vulnerability? Most fuzzing only fuzzes one location within the source data at a time before advancing to the next fuzzing location.
#fuzzing #fuzzers

Some #fuzzers we like to use in our security engagements include:

- LibFuzzer
- American Fuzzy Lop (AFL)
- honggfuzz
- boofuzz

See our full list for your #fuzzing needs! https://bishopfox.com/blog/top-9-fuzzers

Google launches FuzzBench service to benchmark fuzzing tools - Google has announced FuzzBench, a free service “for painlessly evaluating fuzzers in a reproducibl... more: https://nakedsecurity.sophos.com/2020/03/05/google-launches-fuzzbench-service-to-benchmark-fuzzing-tools/ #securitythreats #fuzzbench #honggfuzz #libfuzzer #eclipser #oss-fuzz #fuzzers #fuzzing #google #qsym #afl