In this blog post we highlight the importance of continuity in fuzzing based on a recent experience with a security-critical DoS issue in Go-Ethereum,
Fluent Bit is an open source log processor and part of the Cloud Native Computing Foundation. This fall the Linux Foundation partnered with Ada Logics to integrate automated vulnerability analysis of the Fluent Bit project. Ada Logics integrated sixteen fuzzers into Fluent Bit, found more than 30 bugs, fixed many of them and also integrated continuous fuzzing into the project. This post covers the project and the results of the engagement.
In this article we will get started with go-fuzz, which is a popular open source fuzzing engine for Go applications. Fuzzing is currently gaining popularity due to its efficiency in finding bugs and vulnerabilities, and in this article you will write your first fuzzer for a real-world program.
In this post we present four videos that cover the KLEE tool. KLEE is a symbolic execution engine that can be used to automate test-case generation as well as to find bugs
In this blog post we share some brief insights into the code produced by three popular binary-to-LLVM translators. We do so through an empirical comparison of the LLVM code created by the three different translators when given the same binary code samples.
In the last few years there has been significant interest in code injection techniques from both attackers and defenders. These techniques enable the attacker to execute arbitrary code within the address space of some target process (which is why code injections are often also called process injections). The attacker uses code injections to improve stealth and evade anti-malware products, and sometimes even to achieve persistence. Attackers, both malware and red teamers, increasingly use these techniques to bypass anti-malware systems and endpoint protection systems in order to execute their payloads
In the last decade there have been many improvements in fine-grained analysis techniques that focus on automating reverse engineering. The PANDA reverse engineering framework is particularly interesting in this context, as it is a mature framework that offers the foundation needed to develop fine-grained dynamic analysis tools, which have a large number of applications such as malware analysis, vulnerability discovery and root-cause analysis. In this blog post series we will show the reader how to get started with the PANDA reverse engineering framework in order to create sophisticated dynamic program analysis tools.