USENIX Security ’23 – DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing
Authors/Presenters: *Ming Yuan and Bodong Zhao, Penghui Li, Jiashuo Liang, Xinhui Han, Xiapu Luo, Chao Zhang* Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations ...
Why fuzzing over formal verification?
By Tarun Bansal, Gustavo Grieco, and Josselin Feist We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal ...
How we applied advanced fuzzing techniques to cURL
By Shaun Mirani Near the end of 2022, Trail of Bits was hired by the Open Source Technology Improvement Fund (OSTIF) to perform a security assessment of the cURL file transfer command-line ...
USENIX Security ’23 – Dawei Wang, Ying Li, Zhiyu Zhang, Kai Chen – CarpetFuzz: Automatic Program Option Constraint Extraction from Documentation for Fuzzing
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and ...
USENIX Security ’23 – Hui Peng, Zhihao Yao, Ardalan Amiri Sani, Dave (Jing) Tian, Mathias Payer – GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and ...
Continuously fuzzing Python C extensions
By Matt Schwager Deserializing, decoding, and processing untrusted input are telltale signs that your project would benefit from fuzzing. Yes, even Python projects. Fuzzing helps reduce bugs in high-assurance software developed in ...
USENIX Security ’23 – Junjie Wang, Zhiyi Zhang, Shuang Liu, Xiaoning Du, Junjie Chen – FuzzJIT: Oracle-Enhanced Fuzzing for JavaScript Engine JIT Compiler
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and ...
USENIX Security ’23 – Nils Bars, Moritz Schloegel, Tobias Scharnowski, Nico Schiller, Thorsten Holz – Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge
Distinguished Paper Award Winner and Runner-Up Winner of the 2023 Internet Defense Prize Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to ...
Master fuzzing with our new Testing Handbook chapter
Our latest addition to the Trail of Bits Testing Handbook is a comprehensive guide to fuzzing: an essential, effective, low-effort method to find bugs in software that involves repeatedly running a program ...
Google Pushes Software Security Via Rust, AI-Based Fuzzing
Google is making moves to help developers ensure that their code is secure. The IT giant this week said it is donating $1 million to the Rust Foundation to improve interoperability between ...