Ada Logics Blog
An RSS feed containing all blog posts from the Ada Logics blog.
https://adalogics.com
en-us

LLVM Fuzzing Audit
/blog/llvm-fuzzing-audit

Kyverno security audit 2023 findings and report
/blog/kyverno-security-audit-2023

Structured results for OpenSSF Scorecard - An enabler for custom policies
/blog/openssf-scorecard-probes

Crossplane security audit 2023 findings and report
/blog/crossplane-security-audit-2023

Notation security audit 2023 findings and report
/blog/notation-security-audit-2023

Improving continuous fuzzing of Liblouis
/blog/liblouis-continous-fuzzing

Vitess security audit 2023 findings and report
/blog/vitess-security-audit-2023

Presenting the findings of Cilium's fuzzing and security audits
/blog/cilium-security-audit

Istio service mesh security audit
/blog/istio-security-audit

Jackson-core and Jackson-databind security audit
/blog/jackson-core-jackson-databind-security-audit

Ada Logics sets up continuous fuzzing for Cluster API
/blog/capi-fuzzing-audit-2022

Argo security audit 2022
/blog/argo-security-audit-2022

KubeEdge holistic security audit engagement
/blog/kubeedge-security-engagement

CRI-O holistic security audit engagement
/blog/cri-o-security-engagement

Cloud Native Fuzzing: Istio - 40 crashes and high-severity CVE
/blog/fuzzing-istio-cve-CVE-2022-23635

Structure-aware Go fuzzing: How to fuzz with complex types
/blog/structure-aware-go-fuzzing-complex-types

FluxCD Security Audit
/blog/fluxcd-security-audit

Fuzzing 100+ open source projects with OSS-Fuzz - lessons learned.
In this blog post we describe our efforts to integrate continuous fuzzing into more than 100 open source projects by way of OSS-Fuzz, which has resulted in more than 2000 issues being reported, 1300 of which are verified and fixed.
/blog/fuzzing-100-open-source-projects-with-oss-fuzz

Case study: Oxford University Cyber Security CDT using Ada Logics training for electives
In spring 2021 Ada Logics engaged with Oxford University Centre for Doctoral Training in Cyber Security to deliver three online cyber security courses to DPhil (PhD) students.
/blog/case-study-oxford-university-cyber-security-cdt-using-ada-logics-training-for-electives

Integrating continuous security analysis into Linkerd2-proxy and dependencies
This post covers how Ada Logics integrated continuous security analysis into a state-of-the-art network proxy.
/blog/integrating-continuous-security-analysis-into-linkerd2-proxy-and-dependencies

The importance of continuity in fuzzing - CVE-2020-28362
In this blog post we highlight the importance of continuity in fuzzing based on a recent experience with a security-critical DoS issue in Go-Ethereum, CVE-2020-28362.
/blog/the-importance-of-continuity-in-fuzzing-cve-2020-28362

Securing Open Source: Fuzzing integration, vulnerability analysis and bug fixing of Fluent Bit
Fluent Bit is an open source log processor and part of the Cloud Native Computing Foundation. This fall the Linux Foundation partnered with Ada Logics to integrate automated vulnerability analysis of the Fluent Bit project. Ada Logics integrated sixteen fuzzers into Fluent Bit, found more than 30 bugs, fixed many of them and also integrated continuous fuzzing into the project. This post covers the project and the results of the engagement.
/blog/fluent-bit-fuzzing

Getting started with go-fuzz
In this article we will get started with go-fuzz, which is a popular open source fuzzing engine for Go applications. Fuzzing is currently gaining popularity due to its efficiency in finding bugs and vulnerabilities, and in this article you write your first fuzzer for a real-world program.
/blog/getting-started-with-go-fuzz

Symbolic execution with KLEE: From installation and introduction to bug-finding in open source software.
In this post we present four videos that cover the KLEE tool. KLEE is a symbolic execution engine that can be used to automate test-case generation as well as to find bugs.
/blog/symbolic-execution-with-klee

Comparison of the LLVM IR generated by three binary-to-llvm translators
In this blog post we share some brief insights into the code produced by three popular binary-to-llvm translators. We do so through an empirical comparison between the LLVM code created by the three different translators when matched with the same binary code samples.
/blog/binary-to-llvm-comparison

The state of advanced code injections
In the last few years there has been significant interest in code injection techniques from both attackers and defenders. These techniques enable the attacker to execute arbitrary code within the address space of some target process (which is why code injections are often also called process injections). The attacker uses code injections to improve stealth and evade anti-malware products, and sometimes even to achieve persistence. Attackers, both malware and red teamers, increasingly use these techniques to bypass anti-malware systems and endpoint protection systems in order to execute their payloads.
/blog/the-state-of-advanced-code-injections

Building a custom malware sandbox with PANDA - Part 1
In the last decade there have been many improvements in fine-grained analysis techniques that focus on automating reverse engineering. The PANDA reverse engineering framework is particularly interesting in this context, as it is a mature framework that offers the foundation needed to develop fine-grained dynamic analysis tools, which have a large number of applications such as malware analysis, vulnerability discovery and root-cause analysis. In this blog post series we will show the reader how to get started with the PANDA reverse engineering framework in order to create sophisticated dynamic program analysis tools.
/blog/Building-a-custom-malware-sandbox-with-PANDA-Part-1