Ada Logics blog
Software security, research and online training
The importance of continuity in fuzzing - CVE-2020-28362
Fuzzing, Go-ethereum, Golang

In this blog post we highlight the importance of continuity in fuzzing based on a recent experience with a security-critical DoS issue in Go-Ethereum, CVE-2020-28362.

Securing Open Source: Fuzzing integration, vulnerability analysis and bug fixing of Fluent Bit
Fuzzing, vulnerability analysis, open source security, Cloud Native Computing Foundation

Fluent Bit is an open source log processor and part of the Cloud Native Computing Foundation. This fall the Linux Foundation partnered with Ada Logics to integrate automated vulnerability analysis into the Fluent Bit project. Ada Logics integrated sixteen fuzzers into Fluent Bit, found more than 30 bugs, fixed many of them and also integrated continuous fuzzing into the project. This post covers the project and the results of the engagement.

Getting started with go-fuzz
Online training, Fuzzing, go-fuzz

In this article we will get started with go-fuzz, which is a popular open source fuzzing engine for Go applications. Fuzzing is currently gaining popularity due to its efficiency in finding bugs and vulnerabilities, and in this article you will write your first fuzzer for a real-world program.

Symbolic execution with KLEE: From installation and introduction to bug-finding in open source software.
Online training, Symbolic execution, program analysis, automated testing, bug-discovery, vulnerability analysis

In this post we present four videos that cover the KLEE tool. KLEE is a symbolic execution engine that can be used to automate test-case generation as well as to find bugs.

Comparison of the LLVM IR generated by three binary-to-llvm translators
LLVM, Program analysis, binary analysis, intermediate representation

In this blog post we share some brief insights into the code produced by three popular binary-to-llvm translators. We do so through an empirical comparison of the LLVM code created by the three different translators when given the same binary code samples.

The state of advanced code injections
Code injection, reverse engineering, evasive malware

In the last few years there has been significant interest in code injection techniques from both attackers and defenders. These techniques enable the attacker to execute arbitrary code within the address space of some target process (which is why code injections are also often called process injections). The attacker uses code injections to improve stealth and evade anti-malware products, and sometimes even to achieve persistence. Attackers, both malware authors and red teamers, increasingly use these techniques to bypass anti-malware systems and endpoint protection systems in order to execute their payloads.

Building a custom malware sandbox with PANDA - Part 1
Malware, Sandboxing, PANDA

In the last decade there have been many improvements in fine-grained analysis techniques that focus on automating reverse engineering. The PANDA reverse engineering framework is particularly interesting in this context, as it is a mature framework that offers the foundation needed to develop fine-grained dynamic analysis tools, which have a large number of applications such as malware analysis, vulnerability discovery and root-cause analysis. In this blog post series we will show the reader how to get started with the PANDA reverse engineering framework in order to create sophisticated dynamic program analysis tools.