|
Max Moroz
@
Dor3s
|
|
@GoogleChrome security team, OSS-Fuzz.com.
@BalalaikaCr3w (& LC↯BC) CTF team.
Hopefully all tweets are mine.
|
|
|
1.456
Tweetovi
|
351
Pratim
|
1.860
Osobe koje vas prate
|
| Tweetovi |
|
Max Moroz
@Dor3s
|
31. sij |
|
Fake news!
But yeah, it's reportedly up to 48.50% when nothing fails, although coverage from blackbox fuzzers is being sampled: we take N random test cases out of M generated in a day, and M is much bigger than N. Very likely we can hit 50% if we use more and give it more time.
|
||
|
|
||
| Max Moroz proslijedio/la je tweet | ||
|
Kenn White
@kennwhite
|
31. sij |
|
Today I learned Google recently hit 50% fuzzing coverage in Chrome. Wow. twitter.com/arw/status/122…
|
||
|
|
||
| Max Moroz proslijedio/la je tweet | ||
|
Kostya Serebryany
@kayseesee
|
30. sij |
|
HWASAN (think of it as ASAN v2) has become available to developers on Android outside of Google. If you use C or C++ on Android, please give it a try. developer.android.com/ndk/guides/hwa…
HWASAN is also available on Aarch64 Linux with a recent kernel.
|
||
|
|
||
| Max Moroz proslijedio/la je tweet | ||
|
Andrew R. Whalley
@arw
|
28. sij |
|
Read what the @googleChrome and other @GoogleVRPs have been up to in 2019! security.googleblog.com/2020/01/vulner… pic.twitter.com/7NaXq01Ywa
|
||
|
|
||
| Max Moroz proslijedio/la je tweet | ||
|
Justin Schuh 🤬
@justinschuh
|
14. sij |
|
We shared an update today on our plans to phase out 3P tracking from the Web over the next two years. blog.chromium.org/2020/01/buildi…
|
||
|
|
||
|
Max Moroz
@Dor3s
|
12. sij |
|
Haha, wondering what shipping costs would look like, especially international :)
|
||
|
|
||
|
Max Moroz
@Dor3s
|
12. sij |
|
According to codemetrics.report, Chromium had the most commits in 2019 among open source projects: 109K.
On average, a new commit was landed every 5 minutes. Quite a challenge for any continuous process, given the size of the codebase and the variety of supported platforms.
|
||
|
|
||
|
Max Moroz
@Dor3s
|
2. sij |
|
Awesome work, but also a very sad reminder that we're still suffering from dumb integer overflows, unchecked memcpy arguments, and (believe it or not) lack of the NX bit! It's 2020 already and stuff doesn't get less scary. twitter.com/keen_lab/statu…
|
||
|
|
||
|
Max Moroz
@Dor3s
|
18. pro |
|
As far as I remember, a common reason we've heard is that people don't want to write harnesses and prefer fuzzing programs with main(). @metzmanj might remember more
|
||
|
|
||
|
Max Moroz
@Dor3s
|
14. pro |
|
|
||
|
|
||
|
Max Moroz
@Dor3s
|
14. pro |
|
And here are the slides from Fuzzing Bay Area meetup #2: github.com/MotherFuzzers/…
#fuzzing #bayarea #meetup twitter.com/mhlakhani/stat…
|
||
|
|
||
|
Max Moroz
@Dor3s
|
14. pro |
|
Mandatory reminder: don't fuzz while driving! twitter.com/metzmanj/statu… pic.twitter.com/3Dony9gmzk
|
||
|
|
||
| Max Moroz proslijedio/la je tweet | ||
|
Ivan Wallarm
@d0znpp
|
13. pro |
|
Please be aware of the new #GraphQL #security #risk called "Batching Attack" lab.wallarm.com/graphql-batchi…
|
||
|
|
||
| Max Moroz proslijedio/la je tweet | ||
|
Jonathan Metzman
@metzmanj
|
12. pro |
|
The video from my talk on structure-aware fuzzing at Black Hat was posted: youtube.com/watch?v=S8JvzW…
I mostly cover libprotobuf-mutator but also discuss libFuzzer custom mutators.
|
||
|
|
||
| Max Moroz proslijedio/la je tweet | ||
|
Abhishek Arya
@infernosec
|
11. pro |
|
Fuzzing always scale with developers and this is a small token of appreciation for their awesome efforts! pic.twitter.com/Ep77AOf83P
|
||
|
|
||
| Max Moroz proslijedio/la je tweet | ||
|
nedwill
@NedWilliamson
|
10. pro |
|
Learn how found and exploited SockPuppet for iOS 12.4, featuring a bonus collaboration with LiveOverflow! googleprojectzero.blogspot.com/2019/12/sockpu… youtube.com/watch?v=YV3jew…
|
||
|
|
||
| Max Moroz proslijedio/la je tweet | ||
|
Jonathan Metzman
@metzmanj
|
8. pro |
|
Last day to RSVP to attend the second Bay Area Fuzzer Meetup. Come hear my talk on fuzzing native code in-browser using WebAssembly! twitter.com/Dor3s/status/1…
|
||
|
|
||
| Max Moroz proslijedio/la je tweet | ||
|
Paul Dreik
@PaulDreik
|
8. pro |
|
Shoutout to programmers in Sweden:
Is there any interest in arranging a #fuzzing meetup?
There is one in the Bay area, far far away...
Please RT for reach.
|
||
|
|
||
| Max Moroz proslijedio/la je tweet | ||
|
Guido Vranken
@GuidoVranken
|
5. pro |
|
OpenSSL CVE-2019-1551: Incorrect consttime modular exponentation, found after 1.5 years of bignum fuzzing at OSS-Fuzz
github.com/openssl/openss…
|
||
|
|
||
|
Max Moroz
@Dor3s
|
5. pro |
|
The registration closes this Sunday. Make sure to RSVP if you're in the Bay Area on Dec 12th and want to talk / listen about fuzzing!
SPOILER: besides great content, there'll be swag, food, and drinks -- all free of charge :)
#fuzzing #bayarea #meetup twitter.com/Dor3s/status/1…
|
||
|
|
||