Blog
Insights and discoveries from the world of cybersecurity, fuzzing, blockchain security, and vulnerability research. Sharing knowledge from years of security engineering experience.
Part 3 of 3. What a clean multi-way negative does and doesn't prove — the methodology's blind spots — plus the takeaway and how to reproduce the work.
Read full articlePart 2 of 3. G1, a §7.3 hash-check gap in BoringSSL found by reading rather than fuzzing; the assurance-coverage share across the encrypted web; who each finding affects; and the Compress/Decompress clean sweep.
Read full articlePart 1 of 3. One in twelve web connections rides X25519MLKEM768. I wired the five ML-KEM libraries behind it into one diff-fuzz harness — and it caught F1, a FIPS 203 §7.2 modulus-check bypass in CIRCL's expanded-SK parser.
Read full articleUnderstanding and implementing the Arbitrary trait in Rust for property-based testing and fuzzing applications.
Read full articleTechniques for fuzzing the Boost Filesystem library, including harness development and bug discovery.
Read full articleExploring custom protocol buffer mutation strategies for more effective fuzzing of protocol-based applications.
Read full articleDevelopment of a protocol buffer-based fuzzer for mruby using structure-aware fuzzing techniques.
Read full articleAnalysis of libprotobuf-mutator (LPM) and its application in structure-aware fuzzing for protocol buffer formats.
Read full articleTechniques and experiences fuzzing mruby, the lightweight Ruby implementation, including harness development.
Read full articleExploring differential fuzzing techniques for elliptic curve cryptography implementations to find implementation bugs.
Read full articleAnalysis of Trail of Bits' Slither static analysis framework for Solidity smart contracts.
Read full articleGuide to preparing and integrating open-source projects with Google's OSS-Fuzz continuous fuzzing platform.
Read full articleSummary and analysis of significant security and privacy papers, highlighting key research developments in the field.
Read full articleDeep dive into fuzzing techniques for the Solidity compiler, exploring automated testing methods for smart contract compilation.
Read full articleApplying Good-Turing frequency estimation to fuzzing for better input generation and coverage optimization.
Read full articleMethods for creating and evaluating dictionaries to improve fuzzing effectiveness and code coverage.
Read full articleExperience and insights from integrating tcpdump into Google's OSS-Fuzz continuous fuzzing platform.
Read full articleComparative analysis of libFuzzer and AFL-fuzz, two popular fuzzing frameworks, examining their strengths and use cases.
Read full articleLeveraging taint analysis techniques to create more effective fuzzer test harnesses and improve vulnerability discovery.
Read full articleAn exploration of music theory concepts and their mathematical foundations, bridging the gap between art and science.
Read full articleDeep dive into analyzing and understanding crashes discovered through fuzzing, including crash triage and root cause analysis.
Read full articleTechniques for automatically inferring and understanding the input format requirements of programs for more effective testing.
Read full articleMethods and techniques for identifying and analyzing security vulnerabilities in distributed systems and network protocols.
Read full articleExploring fuzzing techniques for OpenvSwitch, a production-grade multilayer virtual switch designed to enable massive network automation.
Read full article