UNCOVERING VULNERABILITIES IN CRYPTOGRAPHIC LIBRARIES: MAYHEM, MATRIXSSL, AND WOLFSSL
Introduction As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? First there is the obvious: SSL, TLS, and related protocols managed by these libraries ... Read More
Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)
Introduction As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? First there is the obvious: SSL, TLS, and related protocols managed by these libraries ... Read More
Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)
Introduction As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? First there is the obvious: SSL, TLS, and related protocols managed by these libraries ... Read More
Uncovering vulnerabilities in Cryptographic libraries: Mayhem, Matrixssl, and WolfSSL
Introduction As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries ... Read More
Live Streaming Security Games
Aside from our cool research , ForAllSecure also works on creating fun and engaging games to promote computer security. Just about every employee in our company has been involved in Capture the Flag exercises for the past several years, and we have been hosting these online events for our customers ... Read More
Unleashing The Mayhem CRS
In June, ForAllSecure participated in DARPA's Cyber Grand Challenge (CGC) Qualification Event (CQE) 1 . During the event our automated system tweeted its progress, and to continue the trend of openness, we decided to publish a writeup of some more details about our system. Our team, Thanassis Avgerinos, David Brumley, ... Read More
New Year, New Website, And New Blog!
Although we have been very busy at ForAllSecure, we finally got the time to redo our website, huzzah! This website is a bit more pleasing on the eyes, and we hope to add more up-to-date information about our projects and what we're up to. Part of this refresh is also ... Read More
