Puzzor

396 posts

Puzzor

@Puzzorsj

PhD/Fuzzing/USENIX Security/MVSR 2020/Pwn2Own 2020/MSRC Top100 2016,2017/GeekPwn 2017

Katılım Ağustos 2012

624 Takip Edilen995 Takipçiler

Puzzor@Puzzorsj·12 May

twitter.com/puzzorsj/statu…

Caroline Lemieux@cestlemieux

This ICSE'22 paper brings up a very important point in fuzzer evaluation --- the observation that spending more time in the more destructive, "havoc" mutation stage, can lead to higher observed coverage shadowmydx.github.io/papers/icse22-… 1/n

ZXX

Puzzor retweetledi

Thuan Pham@thuanpv_·13 Şub

Can't agree more: "A comparison to other fuzzers may be conducted optionally if the authors wish to establish the new fuzzer as the new state-of-the-art. However, note that the observed improvements may be largely due to design and engineering differences (e.g.,Honggfuzz vs AFL)"

Marcel Böhme👨‍🔬@mboehme_

Good news! Our ICSE'22 paper "On the Reliability of Coverage-Based Fuzzer Benchmarking" is freely available as Gold Open Access. Check out our discussions and recommendations in Sections 6 & 7 📝 mboehme.github.io/paper/ICSE22.p… 👩‍💻 doi.org/10.5281/zenodo… by/with @lszekeres & @metzmanj

English

Puzzor@Puzzorsj·29 Ara

@zenhumany 是的没错

中文

zenhumany@zenhumany·29 Ara

@Puzzorsj 企业里有大量的代码需要fuzzing，完成手工编写testcase，fuzzer driver人手不够；目前这些都有一些自动化的初步解决方案，但是都是针对简单的情况，对于一些复杂的场景，要完全做到自动化还是很有挑战的，值得投入人力去做。

中文

zenhumany@zenhumany·28 Ara

年底了，发一个蔚来汽车的安全岗位。欢迎投简历，可年后入职。 base 上海或者北京。高级工程师或专家（fuzzing工具与平台开发） nio.jobs.feishu.cn/referral/m/pos…

中文

Puzzor@Puzzorsj·26 Ağu

I appreciate this work very much. Especially it points out the deterministic problem. IMHO, most of the Evaluations in existing works ignore this, and I even consider this might be a "trick" to get better performance

Abhishek Arya@infernosec

Results from @Google #FuzzBench: An Open Fuzzer Benchmarking Platform and Service is now published in ESEC/FSE’21 (thanks to the authors - @metzmanj, @lszekeres, @lsim99, @sprabery and me :). Check it out here - research.google/pubs/pub50600/

English

Puzzor@Puzzorsj·26 Tem

@thuanpv_ @rnatella @issta_conf Hi Pham, I meet a problem with aflsmart, I saw there is a similar issue in github.com/aflsmart/aflsm…, can you explain more about where it goes wrong in that input model file? thank you very much

English

Thuan Pham@thuanpv_·15 Tem

Roberto @rnatella and I are going to present #ProFuzzBench - our Benchmark for Stateful Protocol Fuzzing in the tool demonstrations track @issta_conf. Join us in two different time bands to discuss the opportunities and challenges in #fuzzing network protocol implementations!

English

Puzzor@Puzzorsj·9 Nis

@alisaesage congratulation!

English

Alisa Esage Шевченко@alisaesage·9 Nis

Official: I won Pwn2Own competition in the Virtualisation category. It’s an essential milestone in a professional hacker’s career, and a major goal personally. I am super hyped! And relieved Details of the exploit that I developed are now under embargo of responsible disclosure

English

106

1.9K

Puzzor@Puzzorsj·25 Şub

@_jsoo_ @trimosx wow handsome avatar

English

Puzzor retweetledi

Ivan Fratric 💙💛@ifsecure·26 Oca

Security researchers messaging each other after today

GIF

English

452

2.2K

Puzzor@Puzzorsj·14 Ara

@_jsoo_ working well for me😂

English

Puzzor@Puzzorsj·8 Kas

@pedrib1337 @westerndigital @RabbitPro @hi_im_d4rkn3ss 🥶🥶

QME

Pedro Ribeiro@pedrib1337·8 Kas

Western Digital pulled a trick on us and dropped a major OS 5 release for their NAS 5 days before Pwn2Own. Our RCE still works in the older, STILL SUPPORTED OS 3 release, and affects LOTS of other @westerndigital devices too. @RabbitPro and I should:

English

Puzzor@Puzzorsj·7 Kas

we are the first and the last team to demonstrate the exploit. Nice work & team. btw, our bug for WD NAS is dead before the match, or we can try to get master of pwn😂 anyway, not bad, thank you all guys🥰

TrendAI Zero Day Initiative@thezdi

Confirmed! The team of @starlabs_sg, @hi_im_d4rkn3ss, @Puzzorsj & @c3xp1r used a race condition and an OOB read to get root access on the Synology NAS. They close out the contest by earning $20,000 and 2 Master of Pwn points.

English

Puzzor@Puzzorsj·6 Kas

MSRC sent an email saying that they will provide a 1-year license for Visual Studio Enterprise subscription for those 2020 MSRC Most Valuable Security Researchers. Very nice of them, thanks :) @msftsecresponse

English

Puzzor retweetledi

TrendAI Zero Day Initiative@thezdi·5 Kas

Success! We kick off #Pwn2Own Tokyo (Live From Toronto) with a successful demonstration from he team of @starlabs_sg, @hi_im_d4rkn3ss, @Puzzorsj and @c3xp1r. They head off to the disclosure room to provide all the details of their exploit chain. #P2OTokyo

GIF

English

Puzzor@Puzzorsj·5 Kas

@_jsoo_ @hi_im_d4rkn3ss @c3xp1r 😘😘😘

QME

Puzzor@Puzzorsj·27 Eyl

@mboehme_ what's the parameter of AFL?

English

Marcel Böhme👨‍🔬@mboehme_·26 Eyl

Coverage of the call graph (with the root on top) when #fuzzing freetype2 for 24 hours with AFL and Honggfuzz.

GIF

English

Marcel Böhme👨‍🔬@mboehme_·26 Eyl

Fuzzer coverage over time (#Honggfuzz vs #AFL on Freetype2 in 24h). Call graph. Green nodes are covered in all 20 trials. Orange/yellow nodes are covered in at least one trial. Grey nodes are not covered in any trial. Data from @stephanlipp. Inspired by @gamozolabs cookie_dough.

GIF

English

133

Puzzor retweetledi

Mathias Payer@gannimo·29 Tem

CCS delivers again: three CCS second round papers, all hard rejected with very harsh reviews. All three had person years of improvements added to their previous submissions. I'm not sure what to do with CCS anymore.

English

Puzzor@Puzzorsj·30 Tem

cool

English

Puzzor@Puzzorsj·27 Tem

@_jsoo_ 哈哈哈哈好！等我去喝酒😋😋

日本語

Puzzor@Puzzorsj·27 Tem

@_jsoo_ 很强！

中文

Keşfet

@zenhumany @thuanpv_ @rnatella @issta_conf @alisaesage @_jsoo_ @trimosx @pedrib1337