Building Fast Fuzzers That Suck™️ avatar is by Ching Yeh: bibliogram.fdn.fr/chingyeh005/

U.S. East Coast
Joined October 2018
h0mbre retweeted
Earlier today, I pushed a blog post for the 2017 HackTheBox machine Jail. With that, 0xdf.git.lab.io has a blog post for every retired @hackthebox_eu machine. To celebrate, a thread about my blog, including some stats, goals, and a thank you. 🧵 1/13
ah yes a SEGFAULT during a `vpcmpeqb` instruction, classic. definitely know it well, as we all do
uh huh, yeah, a YMMWORD PTR, definitely
to make sure all my fuzzcases for these binary tgts exit at the same place for snapshot fuzzing, i've been LD_PRELOAD'ing an .so that mmaps some executable NOPs then calls atexit() in the constructor that points to the NOPs. it's very handy, just throwing it out there
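The trick in the tweet above, written out as an added example (this is not h0mbre's shim; the file, function and variable names are assumptions). A constructor in an LD_PRELOADed shared object maps one page, fills it with x86-64 NOPs ending in a `ret`, and registers that page as an atexit handler. Because the constructor runs before main(), its handler is registered first and therefore runs last, so every case that reaches the normal libc exit path ends up at the same address, which is where the snapshot fuzzer puts its "case finished" breakpoint.

```c
// Added example, not code from the original post. Assumed build and use:
//   cc -shared -fPIC -o exit_trampoline.so exit_trampoline.c
//   LD_PRELOAD=./exit_trampoline.so ./target input
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

#define TRAMPOLINE_SIZE 4096

static unsigned char *g_trampoline;  // RX page: NOP sled ending in `ret`

// Map one page, fill it with x86-64 NOPs (0x90) followed by a `ret` (0xC3),
// then flip it to read+execute. Returns NULL if the mapping fails.
unsigned char *fuzz_exit_trampoline(void) {
    if (g_trampoline) return g_trampoline;
    void *p = mmap(NULL, TRAMPOLINE_SIZE, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memset(p, 0x90, TRAMPOLINE_SIZE - 1);
    ((unsigned char *)p)[TRAMPOLINE_SIZE - 1] = 0xC3;
    if (mprotect(p, TRAMPOLINE_SIZE, PROT_READ | PROT_EXEC) != 0) {
        munmap(p, TRAMPOLINE_SIZE);
        return NULL;
    }
    g_trampoline = p;
    return g_trampoline;
}

// Sanity check: page exists, starts with a NOP and ends with a `ret`, so
// executing it returns cleanly when no fuzzer breakpoint is planted there.
int trampoline_is_valid(const unsigned char *t) {
    return t != NULL && t[0] == 0x90 && t[TRAMPOLINE_SIZE - 1] == 0xC3;
}

// Runs when the .so is loaded, before the target's main(). atexit handlers
// run in reverse registration order, so registering here means the sled is
// the last thing executed on exit(), after the target's own handlers.
// Only installed on x86-64, where 0x90/0xC3 really are NOP/ret.
__attribute__((constructor))
static void install_exit_trampoline(void) {
    unsigned char *t = fuzz_exit_trampoline();
    if (!trampoline_is_valid(t)) {
        fprintf(stderr, "[trampoline] mapping failed, not installed\n");
        return;
    }
#if defined(__x86_64__)
    void (*fn)(void);
    memcpy(&fn, &t, sizeof fn);  // object pointer -> function pointer without a cast warning
    atexit(fn);
    fprintf(stderr, "[trampoline] exit sled at %p\n", (void *)t);
#endif
}
```

Two caveats worth knowing before relying on it: the page is only reached through the normal exit path, so `_exit()`, `abort()` and fatal signals bypass it and still need their own handling in the harness; and the sled's address is stable across cases only because every case is restored from the same snapshot (or ASLR is otherwise pinned), not because mmap() promises a fixed location.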
h0mbre retweeted
My colleague (who is not on Twitter) is looking for a new job. She is searching for a position doing offensive tool development with some exploit dev and generally interesting work. Ideally remote. ~5 YOE in offsec. Anyone know of something that might be a good match?
Entirely shameless self plug and also not Machine learning by any stretch. However, it actually does a very primitive form of grammar inference. And the best thing is: on a reasonable subset of grammar-like targets, it actually adds value to fuzzers ;) usenix.org/system/files/sec1…
SO ?: how to generically convert byte slices into integers in a function? accepted answers: unsafely!
when you read a spec and implement a parser for it and then realize everyone's stuff is messed up >>>
linux errors rule
i am once again learning how to parse an ELF
pop punk + halo 2
h0mbre retweeted
I have finally got internet set up in my apartment and I'm long overdue for a stream so please join me tomorrow at 14:00 UTC while I, together with my special guest Aapo, try to solve some #CTF challenges from the 2021 Gen Z Hack Challenge: invidious.fdn.fr/oL2Dax5kkvU
not fully implemented, but definitely reached a great stopping point for a while. using the basics outlined in the paper (not touching checksums or edge case handling), i got a massive gain. No Redqueen: 120 hrs to reach n coverage. Redqueen: 6 hrs to reach n coverage.
finally starting to implement my own version of redqueen: ndss-symposium.org/ndss-pape… only 3 years late, such a great idea and paper
h0mbre retweeted
twitter is JIRA for intrusive thoughts
fuzzing binary only stuff is fine, whatever, but triaging the crashes so you can patch the shallow bugs to keep fuzzing sucks so bad
coworker: all of this code right here is super repetitive, let's refactor all of these into a single function
me: yeah that's my bad, i generated all that code with a format string in Python then pasted it in
h0mbre retweeted
If you love python jails, the ENOJAIL at @nullcon CTF is still without solves. nc 52.59.124.14:14170
h0mbre retweeted
Today I am releasing the final post of a 3 part series on “modern” browser exploitation targeting Windows. In this post we port our exploit primitives to Edge itself & combine 12 ROP chains in order to defeat ACG, CIG, DEP, ASLR, CFG, "no child processes" connormcgarr.github.io/type-…
me: my fuzzer didn't find any bugs on its maiden voyage, not surprising, just thought there'd be one
@epi052: try changing the command line args up some
(10 mins later)
just anecdotal nonsense but i keep seeing my fuzzer find new coverage with the mutation strategy of randomly selecting some bytes and either incrementing them by one, or decrementing them by one. seems to be a good idea