#fuzzing

N-gated Hacker News (ngate)
2025-06-18

🚀✨ Oh wow, look out programmers, is going to magically make all your porting dreams come true by automating everything with – because who needs human skill when you can have a robot write your code, right? 🤖📜 But sure, let's trust the same clarity you get after a couple of beers. 🍻🥴
rjp.io/blog/2025-06-17-unreaso

kriware (kriware@infosec.exchange)
2025-06-17

Fuzzing WebSockets for Server‑Side Vulnerabilities

Research reveals a technique using the Backslash Powered Scanner extension to fuzz WebSocket endpoints and find server‑side bugs.

arete06.com/posts/fuzzing-ws/

#WebSocket #Fuzzing

kriware (kriware@infosec.exchange)
2025-06-11

High-Performance Network Fuzzing with LibAFL and libdesock

Custom fuzzer using LibAFL and libdesock achieves 42x speedup over AFLNet via tokenized inputs and shared memory, uncovering new bugs.

lolcads.github.io/posts/2025/0

#Fuzzing #Network

2025-06-10

Attacking #EDRs Part 4: #Fuzzing Defender's Scanning and Emulation Engine (mpengine.dll)

labs.infoguard.ch/posts/attack

danzin (danzin)
2025-06-07

So, what's next for fuzzing CPython with fusil?

The results point to interesting future ideas, including expanding fuzzing to new environments like subinterpreters, using more tools like Thread Sanitizer, and developing more advanced fuzzing techniques.

A huge thank you to everyone who contributed!

And thank you for reading!

P.S.: if you have a C/Rust extension, we can fuzz it too: mastodon.social/@danzin/114383

(5/5)

danzin (danzin)
2025-06-07

One finding I really like is the bug discovery pattern.

There wasn't a steady stream of bugs, but spikes of findings: 1st, a huge number of crashes as I started testing a CPython that hadn't been fuzzed by fusil in a decade.

Later, a new wave of issues tied to the addition of new features to the fuzzer, like support for "weird classes" and typing objects.

So periodic campaigns may have better cost-benefit than continuous fuzzing.

(4/5)

danzin (danzin)
2025-06-07

The credit for fusil's effective design goes all to Victor Stinner (@vstinner), who created it nearly two decades ago. It was responsible for finding release blockers way back in 2008. I just contributed a little to revive and enhance it.

Some enhancements included running generated code in threads and adopting new "interesting" objects and values as inputs, helping to discover more crashes.

(3/5)

danzin (danzin)
2025-06-07

All this was only possible due to the great response from the Python community.

Thanks to the developers' efforts to triage, diagnose, and fix the problems, the campaign became a collaborative effort to improve Python.

The impact was considerable, mobilizing Core Devs and contributors to create 98 PRs to fix these bugs. The average time to fix an issue was about 20 days, with a median of just five days.

(2/5)

danzin (danzin)
2025-06-07

Happy to share the results of a fuzzing campaign targeting CPython that ran from Oct 2024 to May 2025. Using the fusil fuzzer, the goal was to find crashes and improve CPython's robustness.

I really like the results we got: the effort uncovered 52 unique crash-related issues. These reports approached 30% of all "type-crash" issues filed during that period. One of the crashes was classified as a Release Blocker; that was a nice result! :)

(1/5)

danzin (danzin)
2025-06-06

So, my technical report on fuzzing CPython with fusil is almost done.

I'd really appreciate some help categorizing the found issues by relevance/severity/importance or any other name for impact.

Do you have the chops to help with that? And do you have time and interest? Please get in touch if so! And please boost if you can :)

A plot, some tables, links to the report and some discussion are available in this thread:

discuss.python.org/t/feedback-

Advanced Fuzzing League (aflplusplus@infosec.exchange)
2025-05-30

Guess who just released #LibAFL 0.15.3?
That's right, you all did! (thank you☺️)

Highlights:

  • better forkserver
  • scriptable Lua mutations
  • SIMD performance in stable rust
  • CmpLog and RISC-V for LibAFL_Unicorn
  • TMin for LibAFL_QEMU
  • Updated Sugar for easy fuzzing

github.com/AFLplusplus/LibAFL/

#fuzzing #AFLplusplus #LibAFL #update

2025-05-25
Attacking EDRs Part 4: Fuzzing Defender's Scanning and Emulation Engine (mpengine.dll)

https://labs.infoguard.ch/posts/attacking_edr_part4_fuzzing_defender_scanning_and_emulation_engine/

Great to see snapshot #fuzzing successfully applied to another AV product!

kriware (kriware@infosec.exchange)
2025-05-21

Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages

Explores fuzzing macOS CoreAudio's Mach IPC to uncover sandbox escape vulnerabilities

googleprojectzero.blogspot.com

#macOS #Fuzzing

Jan (janriemer@floss.social)
2025-05-18

#Fuzzing along in #CSVDiff :awesome:

In the second screenshot I've highlighted some interesting parts:

Key field indices are 2 and 3, so when diffing the records, where key fields are highlighted, they'll be compared as `Modify`, because:
- key fields are equal between left and right record
- other fields are unequal between left and right record

The other two records on the right have no corresponding left record - so those are `Add`ed records

#Rust #FuzzTesting #RustLang #PropertyTesting

A screenshot of my terminal that shows output of CSV records that have been generated by a fuzzing library, called bolero (in Rust).

There is one `left` CSV record and three `right` CSV records. The fields of each record are composed of randomly generated bytes with different lengths. However, when looking at the second screenshot... one record on the left and the right stand out in that they share the same value in two fields at field index 2 and 3. One can see that those are the key fields of the CSVs, because at the very bottom of the terminal output, it says "key_fields: {3, 2}".
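The key-field matching the post describes, as an added Rust example that is not CSVDiff's or bolero's code: records are matched on the fields at the configured key indices ({3, 2}, as in the screenshot), giving `Modify` when the keys agree but other fields differ and `Add` when a right record has no left counterpart; it also goes one step beyond the post by reporting `Delete` for the reverse case. The `diff`/`sample_diff` helpers, the `DiffResult` enum and the record values are all constructed for this demo.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// One CSV record: a list of fields as raw bytes (bolero generates arbitrary bytes).
pub type Record = Vec<Vec<u8>>;

#[derive(Debug, PartialEq, Eq)]
pub enum DiffResult {
    Add(Record),
    Delete(Record),
    Modify { left: Record, right: Record },
}

/// Project a record onto its key fields (in key-index order); a missing field is empty.
fn key_of(rec: &Record, key_fields: &BTreeSet<usize>) -> Vec<Vec<u8>> {
    key_fields.iter().map(|&i| rec.get(i).cloned().unwrap_or_default()).collect()
}

/// Key-based diff (hypothetical helper, not CSVDiff's API): same key but other fields
/// differ -> Modify; only on the right -> Add; only on the left -> Delete; identical
/// records yield nothing. If the left side repeats a key, the last such record wins.
pub fn diff(left: &[Record], right: &[Record], key_fields: &BTreeSet<usize>) -> Vec<DiffResult> {
    let mut unmatched_left: BTreeMap<Vec<Vec<u8>>, &Record> = BTreeMap::new();
    for rec in left {
        unmatched_left.insert(key_of(rec, key_fields), rec);
    }
    let mut out = Vec::new();
    for rec in right {
        match unmatched_left.remove(&key_of(rec, key_fields)) {
            Some(l) if l == rec => {} // unchanged: no diff entry
            Some(l) => out.push(DiffResult::Modify { left: l.clone(), right: rec.clone() }),
            None => out.push(DiffResult::Add(rec.clone())),
        }
    }
    // Left records never matched by a right record have been deleted.
    out.extend(unmatched_left.into_values().map(|l| DiffResult::Delete(l.clone())));
    out
}

fn rec(fields: &[&str]) -> Record { fields.iter().map(|f| f.as_bytes().to_vec()).collect() }

/// Constructed data mirroring the post: key fields {3, 2}, one left record, three right.
pub fn sample_diff() -> Vec<DiffResult> {
    let key_fields = BTreeSet::from([3usize, 2]);
    let left = vec![rec(&["a", "b", "K1", "K2"])];
    let right = vec![
        rec(&["x", "y", "K1", "K2"]), // same key fields, other fields differ -> Modify
        rec(&["p", "q", "r", "s"]),   // no left record with this key -> Add
        rec(&["t", "u", "v", "w"]),   // no left record with this key -> Add
    ];
    diff(&left, &right, &key_fields)
}
```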
