Josh Bundt

@wclaymoody At least this isn't my son's favorite numerical sighting these days!

The score only held for a few minutes but it was leet while it lasted. Trevor is showing off today.

Introducing ARTIPHISHELL! An LLM-Based Cyber Reasoning System made by @shellphish that autonomously finds and patches vulnerabilities for the @DARPA AIxCC competition (support.shellphish.net)

@dillon_franke @shmoocon Awesome, thanks so much!

@DynaWhat @shmoocon @DynaWhat The slides from my talk are now available here! dillonfrankesecurity.com/FuzzingAtMachS…

Can’t wait to present my research on fuzzing MacOS IPC mechanisms this weekend @shmoocon! If you’re around, hit me up 🙂 Abstract: #machfuzzing" target="_blank" rel="nofollow noopener">shmoocon.org/schedule#machf…

I’ve never experienced anything like #ArmyNavy. This is an unbelievable atmosphere.

The blog post about the libwebp vulnerability fuzzing is up, it explains how I set up the experiment, how the crash was found and why oss-fuzz was not able to find it: srlabs.de/blog-post/adva… #fuzzing @metzmanj

Dropping #Downfall, exploiting speculative forwarding of 'Gather' instruction to steal data from hardware registers. #MeltdownSequel - Practical to exploit (POC/Demo) - Defeat all isolation boundaries (OS, VM, SGX) - Bypass all Meltdown/MDS mitigations. downfall.page

Open Source Insights and OSS-Fuzz are now interconnected. You can see an OSS-Fuzz project's fuzzing coverage (Code coverage, configuration, etc) right inside deps.dev. Read more at blog.deps.dev/oss-fuzz/

introducing “Implement DNS in a Weekend” jvns.ca/blog/2023/05/1…

We are excited to share a #PluginFocus blog post from @sk3wl – the author of the IDA Pro Book! In this article, he introduces his #SK3wldbg plugin. It is worthwhile reading it 🌐 hex-rays.com/blog/plugin-fo… #IDAPro #IDAPython #IDAPlugin

6 yrs since @Google OSS-Fuzz started, reached 850 projects, fixed 8,800 vulns & 28,000 stability bugs & next we are bumping up OSS-Fuzz rewards: more reward categories for improving coverage and horizontal leet rewards for impacting hundreds of projects - security.googleblog.com/2023/02/taking…

New #OSSFuzz stats: 📅: 6 years 📈: 850 projects 🕷️: 8.8k vulns 🐞: 28k bugs Amazing work from the #GOSST team! security.googleblog.com/2023/02/taking…

The OSS-Fuzz and FuzzBench team is helping to run the SBFT'23 fuzzing competition this year! sbft23.github.io/tools/fuzzing Please submit an entry if you're interested in participating! Entries for expressing interest close on Jan 13.

Army wins! Final score: Army 20 - Navy 17 *Sing Second! #ArmyNavyGame #SingSecond #GoArmyBeatNavy #BEATnavy @SecArmy @ArmyChiefStaff @USMA_Admissions @USArmy @1stArmoredDiv @ArmyNavyGame @WPAOG @ArmyWP_Football @DMI_West_Point @USArmySMA @

It's #BEATAIRFORCE Week! 🇺🇸 ⚔️ - Compelling lessons about US Air Force Academy history according to the Dean of the Academic Board #WestPoint! #GoArmy @DeanUsma | @Commandant_USMA | @USArmy | @SecArmy | @ArmyChiefStaff | @1stCavalryDiv | @AF_Academy | @GoArmyWestPoint

If you are willing to put your fuzzer to the test, SBFT'23 will host a 🚨FUZZING COMPETITION🚨 If you would like to know how to participate, look at the instructions: sbft23.github.io/tools/fuzzing #ICSE2023 #ICSE23 #SBFT2023 #SBFT23 #Fuzzing #FuzzTesting

A couple months overdue, here's the open source release of Concurrence, my new fuzzing library for thread-based targets. Integration code to SockFuzzer, plus Mach process/IPC/VM/etc. support are coming soon. Check it out at github.com/googleprojectz…

@moyix This is sourced from Capstone github.com/SoftSec-KAIST/…

Suppose I wanted to get a rough sense of which (statically linked) programs did the most "floating point stuff" using SSE. Is grepping the disassembly for xmm[0-9] and dividing by the total number of instructions a reasonable approach?