Blog
RESEARCH – CVE-2024-6773 – Type confusion in v8
V8 Turboshaft Load Elimination Type Confusion Vulnerability (CVE-2024-6773): Exploitable Memory Corruption via Garbage Collection Race Condition. Executive Summary: A critical type confusion vulnerability (CVE-2024-6773) was discovered in V8’s Turboshaft compiler optimization pipeline. The flaw allowed stale…
The Art of Fuzzing: Harnessing Libraries for Effective Fuzzing
Harnessing Libraries for Effective Fuzzing. Intro: Every security researcher or fuzzer enthusiast dreams of a program that takes a file as input, achieves deep coverage, and executes with lightning speed. Unfortunately, in the real world,…
RESEARCH – OBJDUMP -CVE-2024-53589
Buffer Overflow in GNU Binutils objdump tekhex Parser. Description: A buffer overflow vulnerability exists in GNU Binutils’ objdump utility when processing tekhex format files. The vulnerability occurs in the Binary File Descriptor (BFD) library’s tekhex…
RESEARCH – 7zip – CVE-2024-11612
Last summer I decided to look into fuzzing 7zip. I gathered an interesting corpus of archive files in all 7z-supported formats and started a fuzzing campaign with AFL++. After a few days of running,…
The art of fuzzing: Windows Binaries
Author: 2ourc3. Introduction: Today we are gonna dive into grey-box fuzzing by testing closed source Windows binaries. This type of fuzzing allows one to fuzz a target without having access to its source code. Why…
The art of Fuzzing: Introduction.
This fuzzing introduction covers all the essentials one should know about the art of fuzzing. It explains the major concepts and illustrates them with a hands-on exercise the reader can follow. In conclusion, some hints are given on how to hunt for bugs with fuzzing.