t3_1gfnns7

Using AFL++ on bug bounty programs: an example with Gnome libsoup (2024.10.30)

t3_1gd6sku

Understanding and Improving Coverage Tracking with AFL++ (2024.09.23)

t3_1gd4qo6

Fuzzing: On the Exponential Cost of Vulnerability Discovery (Paper, Nov 2020)

t3_1gbyubz

WhiteFox: White-Box Compiler Fuzzing Empowered by Large Language Models (paper, 2024.10.24)

t3_1gawzvx

Using Nix to Fuzz Test a PDF Parser (Part One, 2024.10.23)

t3_1g8s7d3

I'm trying to fuzz a binary that accept only `.csv` extension files, otherwise it exit immediately.  Thus I set the `-e csv` value in honggfuzz:

`../honggfuzz/honggfuzz -i input_dir -x --save_all --output output/ -e csv -- ./fuzzme --info ___FILE___`

But when I check among the processes I see that the binary is executed with the file description and not with the file with the extension `.csv` as I would wish:

`root 4680 0.0 0.0 188524 6420 ? Rs 17:05 0:00 ./fuzzme --info /dev/fd/1021`

Do you know how do I force honggfuzz to execute the binary with a file with extension csv as argument?

<div class="md"><p>I&#39;m trying to fuzz a binary that accept only <code>.csv</code> extension files, otherwise it exit immediately.  Thus I set the <code>-e csv</code> value in honggfuzz:</p>

<p><code>../honggfuzz/honggfuzz -i input_dir -x --save_all --output output/ -e csv -- ./fuzzme --info ___FILE___</code></p>

<p>But when I check among the processes I see that the binary is executed with the file description and not with the file with the extension <code>.csv</code> as I would wish:</p>

<p><code>root 4680 0.0 0.0 188524 6420 ? Rs 17:05 0:00 ./fuzzme --info /dev/fd/1021</code></p>

<p>Do you know how do I force honggfuzz to execute the binary with a file with extension csv as argument?</p>
</div>

Honggfuzz, set extension of file

t3_1g8jbby

Sfuzz - High Performance Coverage-guided Greybox Fuzzer with Custom JIT Engine (2022 June)

t3_1g7thej

Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller (2024.04.25)

t3_1g7th9d

Finding JIT Optimizer Bugs using SMT Solvers and Fuzzing (2022.12.11)

t3_1g6kise

[https://www.mayhem.security/blog/cve-2024-28578-test-third-party-image-libraries-with-mayhem](https://www.mayhem.security/blog/cve-2024-28578-test-third-party-image-libraries-with-mayhem)



<div class="md"><p><a href="https://www.mayhem.security/blog/cve-2024-28578-test-third-party-image-libraries-with-mayhem">https://www.mayhem.security/blog/cve-2024-28578-test-third-party-image-libraries-with-mayhem</a></p>
</div>

Finding and exploiting CVE-2024-28578 with fuzzing

MoonLight-SteinsGate/Stalker - Stalker is an efficient hardware-assisted greybox fuzzer based on AFL and Arm CoreSight.

https://g0ku704.github.io/2024/08/13/mdf4_parser_vuln_CVE-2024-41445.html


<div class="md"><p><a href="https://g0ku704.github.io/2024/08/13/mdf4_parser_vuln_CVE-2024-41445.html">https://g0ku704.github.io/2024/08/13/mdf4_parser_vuln_CVE-2024-41445.html</a></p>
</div>

Finding a Heap Buffer Overflow in the ASAM MDF Library Used in ADAS Systems with AFL++

CVE-2024-31227: Finding a DoS Vulnerability in Redis

googleprojectzero/SockFuzzer v3

Fuzzing with AFL | Part 1: Trying Harder(Redis) (2022.03.10)

Meta Bug Bounty — Fuzzing “netconsd” for fun and profit — part 1

Lessons from the buzz - What have we learned from fuzzing the eBPF verifier (Google, Slides, Sept 2024)

LLM-based Fuzz Harness generation with OSS-Fuzz-gen

LLM-based Fuzz Harness generation with OSS-Fuzz-gen (Youtube, 2024.09.18)

Reasons for the unreasonable success of fuzzing (Halvar Flake, Google Slides)

Fuzzing from First Principles with Alisa Esage (Xvideo)

AFL++: Combining Incremental Steps of Fuzzing Research (2020)

When Revisiting is Wrong! Rebuttal: Revisiting Neural Program Smoothing for Fuzzing (2024.09.06)

Revisiting Neural Program Smoothing for Fuzzing (2023.09.28)

Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example

Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing (2024.08.28)

Meta Bug Bounty — Fuzzing “netconsd” for fun and profit — part 1 (2024)

Fuzzing IoT Devices Using the Router TL-WR902AC as Example (2024)

angr for real-world use cases (2024.06.30)

Brum3ns/firefly: Black box fuzzer for web applications

Fuzzing scripting languages' interpreters' native functions using AFL++ to find memory corruption and more (2024.06.27)

Fuzzing resources: 

* [List of fuzzing resources](https://github.com/wtsxDev/Fuzzing-resources) (up to 2017)

* [A curated list of fuzzing resources](https://github.com/secfigo/Awesome-Fuzzing)

* [Recent papers related to fuzzing](https://github.com/fengjixuchui/FuzzingPaper) (up to 2019)

* [Recent Papers Related To Fuzzing](https://github.com/wcventure/FuzzingPaper)

<div class="md"><p>Fuzzing resources: </p>

<ul>
<li><p><a href="https://github.com/wtsxDev/Fuzzing-resources">List of fuzzing resources</a> (up to 2017)</p></li>
<li><p><a href="https://github.com/secfigo/Awesome-Fuzzing">A curated list of fuzzing resources</a></p></li>
<li><p><a href="https://github.com/fengjixuchui/FuzzingPaper">Recent papers related to fuzzing</a> (up to 2019)</p></li>
<li><p><a href="https://github.com/wcventure/FuzzingPaper">Recent Papers Related To Fuzzing</a></p></li>
</ul>
</div>

<div class="md"><p>About fuzz testing and anything which seems related to it.</p>
</div>

All things fuzzing and related.

2,607 Subscribers

Honggfuzz, set extension of file

Finding and exploiting CVE-2024-28578 with fuzzing

Finding a Heap Buffer Overflow in the ASAM MDF Library Used in ADAS Systems with AFL++

LLM-based Fuzz Harness generation with OSS-Fuzz-gen (Youtube, 2024.09.18)