Tyler

37 posts

@cvediver

views are my own RT ≠ endorsement

Washington, DC. Joined February 2018
332 Following, 54 Followers

Tyler retweeted
Tejas Kumar (@tejask)
Apple has become a true disgrace.

Tyler retweeted
Grant Slatton (@GrantSlatton)
The junior dev asked the senior dev “why are you pushing this code with no abstraction? What if you want to change it in the future?” The senior dev responded “then I will change it in the future” In that moment the junior dev was enlightened

Tyler retweeted
is-eqv.bsky.social (@is_eqv)
@robertswiecki @mboehme_ I think there's still tons of work to do in harnessing complex targets E2E. Automatically extracting unit-test style harnesses for individual functions from an E2E, whole-process harness (think chrome, acrobat etc) would be a huge improvement and likely won't require ML/solvers

Tyler retweeted
Marcel Böhme👨‍🔬 (@mboehme_)
@is_eqv @dvyukov Great point and Nyx-Net is an amazing work! When your input is a sequence of things, in order to maximize execs/sec you probably reduce the length of your sequences at the cost of missing interesting states reached only via long sequences. 1/2

Tyler (@cvediver)
So much for staged rollouts…

Julien Vanegue (@jvanegue)
We’re looking for software security experts to join us full time at @TechAtBloomberg ! If you love fuzzing, static analysis and security research, please reach out! :)
Manhattan, NY 🇺🇸

Tyler (@cvediver)
The fact that @Starbucks has this sign but no paper towels has bothered me for years

Tyler retweeted
is-eqv.bsky.social (@is_eqv)
download.vusec.net/papers/snappy_… <- cool paper on snapshot fuzzing! TL;DR: "taint trace how the input is used, snapshot at the point where it actually affects things". I think placing snapshots deeper in the code is how we automatically get "libfuzzer-perf" on "Nyx-complexity"-targets.

Tyler (@cvediver)
@seanhn @bas_van_schaik This was the idea behind @cetfor's PaperMachete, which is a pretty cool POC. I think that newer features in binja and performance improvements in the graph database could really help build on the approach

Sean Heelan (@seanhn)
@bas_van_schaik Yep, what I am hoping to find though is something similar to CodeQL but for binaries. I have a property that I can, in theory, search for in source, but it would be way cleaner if I could express it over assembly code.

Sean Heelan (@seanhn)
Just making sure I haven't missed something: There's no 'CodeQL, but for binaries', right? i.e. some sort of binary to database importer + a declarative datalog-esque language to describe search patterns.

Tyler retweeted
Khaled Yakdan (@KhaledYakdan)
Speaking of making #fuzzing more effective, we've extended #jazzer's API to give the fuzzer new signals depending on the program state. @fhenneke created an example showing how this helps #jazzer to solve the maze game discussed in the #IJON paper. GitHub: github.com/CodeIntelligen…
Quoted post from Khaled Yakdan (@KhaledYakdan):
Code coverage alone is often insufficient as a signal for fuzzers to trigger deep bugs. Integrating more signals representing the program state into the feedback loop can help the fuzzer to make more progress. This paper is an excellent example of how to do that.


Tyler retweeted
Brandon Falk (@gamozolabs)
Y'all should be striving to fuzz the binaries you run in prod, not some random cut out function in a hot loop without the rest of the system. Snapshot fuzzing is kind of the only way.

Tyler (@cvediver)
Now @Fidelity is asking for full account password over the phone using the numpad and symbols as stars. Best-case scenario is massively reduced search space for bruteforcing passwords in the event of a breach. What about phone auth is so challenging?
Quoted post from Tyler (@cvediver):
Criticizing @united's flagrant disregard for information security best practices devtty1er.com/20200713-unite…


Andrew Case (@attrc)
I am looking for resources (papers, blog posts, tools) related to static/dynamic program analysis that has the goal of getting malware to execute real payloads in non-intended environments (sandboxes, VMs, emulators). RTs appreciated! @BSaltaformaggio @moyix @pagabuc #DFIR

Tyler (@cvediver)
Since “Real ID” is trending, I thought I’d share something that has always amused me: the only documentation difference required for a Real ID vs a standard ID can essentially be “privilege escalated” by getting the standard ID and using the standard ID to get the Real ID.

Creature Comforts (@creaturebeer)
We’re excited to announce we are expanding our distribution footprint outside of Georgia for the first time! Be on the lookout for our beer in the Charleston and Hilton Head Island markets mid-May.

Tyler retweeted
@joeycastillo@mastodon.social (@josecastillo)
Selected machine learning attacks; first in a series. 1. Cyberpunk 2. Looney Tunes 3. Magritte 4. Witchcraft