Cornelius Aschermann
@is-eqv.bsky.social
Fuzzing & stuff https://hexgolems.com
Reposted by Cornelius Aschermann
Must-read for fuzzing folks (read: tooling/algorithms/academia) by Addison Crump
addisoncrump.info/research/wha...
addisoncrump.info/research/wha...
What the hell are we doing? · Addison Crump
Homepage for Addison Crump
addisoncrump.info
October 26, 2025 at 3:16 AM
Must-read for fuzzing folks (read: tooling/algorithms/academia) by Addison Crump
addisoncrump.info/research/wha...
addisoncrump.info/research/wha...
Thanks to Viet Hoang Luu's effort AFL++ just got IJON support: github.com/AFLplusplus/...
IJON Full Implementation by vi3tL0u1s · Pull Request #2540 · AFLplusplus/AFLplusplus
IJON Full Implementation
This is a complete implementation of all IJON features for source code instrumentation in AFL++.
Base commit: 6b6cc9c1
Note to maintainers:
This PR is based on a commit, th...
github.com
September 21, 2025 at 9:30 AM
Thanks to Viet Hoang Luu's effort AFL++ just got IJON support: github.com/AFLplusplus/...
Reposted by Cornelius Aschermann
Reposted by Cornelius Aschermann
cut my heap into pieces, this is my crash report:
allocation, no alignment
don't give a fuck if it faults on assignment
this is fatal abort()
allocation, no alignment
don't give a fuck if it faults on assignment
this is fatal abort()
May 31, 2025 at 5:26 PM
cut my heap into pieces, this is my crash report:
allocation, no alignment
don't give a fuck if it faults on assignment
this is fatal abort()
allocation, no alignment
don't give a fuck if it faults on assignment
this is fatal abort()
Reposted by Cornelius Aschermann
✈️ I'll be at @icseconf.bsky.social this week — find me if you'd like to chat about all things fuzzing / binary analysis!
April 28, 2025 at 11:26 AM
✈️ I'll be at @icseconf.bsky.social this week — find me if you'd like to chat about all things fuzzing / binary analysis!
Reposted by Cornelius Aschermann
I'm proud to announce that myself and @AtipriyaBajaj have created the Workshop on Software Understanding and Reverse Engineering (SURE), which will be co-located at CCS 2025. sure-workshop.org/
Please follow our workshop account @sureworkshop and RT it for visibility :).
Please follow our workshop account @sureworkshop and RT it for visibility :).
SURE 2025 | The Workshop on Software Understanding and Reverse Engineering
The Workshop on Software Understanding and Reverse Engineering
sure-workshop.org
April 25, 2025 at 4:30 PM
I'm proud to announce that myself and @AtipriyaBajaj have created the Workshop on Software Understanding and Reverse Engineering (SURE), which will be co-located at CCS 2025. sure-workshop.org/
Please follow our workshop account @sureworkshop and RT it for visibility :).
Please follow our workshop account @sureworkshop and RT it for visibility :).
Reposted by Cornelius Aschermann
Our paper "Top Score on the Wrong Exam" paper will be presented at #ISSTA25 🐣 in Trondheim!
📝https://mpi-softsec.github.io/papers/ISSTA25-topscore.pdf
🧑💻https://github.com/niklasrisse/TopScoreWrongExam
// @nrisse.bsky.social @fuzzing.bsky.social
📝https://mpi-softsec.github.io/papers/ISSTA25-topscore.pdf
🧑💻https://github.com/niklasrisse/TopScoreWrongExam
// @nrisse.bsky.social @fuzzing.bsky.social
April 24, 2025 at 2:09 PM
Our paper "Top Score on the Wrong Exam" paper will be presented at #ISSTA25 🐣 in Trondheim!
📝https://mpi-softsec.github.io/papers/ISSTA25-topscore.pdf
🧑💻https://github.com/niklasrisse/TopScoreWrongExam
// @nrisse.bsky.social @fuzzing.bsky.social
📝https://mpi-softsec.github.io/papers/ISSTA25-topscore.pdf
🧑💻https://github.com/niklasrisse/TopScoreWrongExam
// @nrisse.bsky.social @fuzzing.bsky.social
Reposted by Cornelius Aschermann
As it turns out, the C compiler orphan-crushing machine offers no benefit: web.ist.utl.pt/nuno.lopes/p...
web.ist.utl.pt
April 22, 2025 at 8:37 PM
As it turns out, the C compiler orphan-crushing machine offers no benefit: web.ist.utl.pt/nuno.lopes/p...
Reposted by Cornelius Aschermann
There's still time to submit to FUZZING'25! This year, we're accepting both the (now classic) registered reports _and_ new short papers (fuzzing nuggets). Deadline is now March 26th! fuzzingworkshop.github.io
FUZZING'25 Workshop @ ISSTA
The 4th International Fuzzing Workshop (FUZZING) 2025 welcomes all researchers,
scientists, engineers and practitioners to present their latest research findings,
empirical analyses, t...
fuzzingworkshop.github.io
March 21, 2025 at 10:09 PM
There's still time to submit to FUZZING'25! This year, we're accepting both the (now classic) registered reports _and_ new short papers (fuzzing nuggets). Deadline is now March 26th! fuzzingworkshop.github.io
futures.cs.utah.edu/papers/25ICS... by @snagycs.bsky.social and @gabriel-sherman.bsky.social Seems like a very sensible approach to harness generation with some impressive results. I'm looking forward to seeing more discussion about this approach :) (sorry for blatantly copying the twitter thing).
March 18, 2025 at 3:13 AM
futures.cs.utah.edu/papers/25ICS... by @snagycs.bsky.social and @gabriel-sherman.bsky.social Seems like a very sensible approach to harness generation with some impressive results. I'm looking forward to seeing more discussion about this approach :) (sorry for blatantly copying the twitter thing).
Just earlier today I was talking to someone how we are missing out A LOT of power from dynamic language reflection/introspection capabilities in fuzzing, and then I saw this paper: nebelwelt.net/publications... - great timing & work @gannimo.bsky.social!
nebelwelt.net
March 4, 2025 at 5:01 AM
Just earlier today I was talking to someone how we are missing out A LOT of power from dynamic language reflection/introspection capabilities in fuzzing, and then I saw this paper: nebelwelt.net/publications... - great timing & work @gannimo.bsky.social!
Reposted by Cornelius Aschermann
Leude geht wählen.
Vote whatever Elon didn't endorse
Vote whatever Elon didn't endorse
Rechtsextremismus ist vorbei!
February 23, 2025 at 11:55 AM
Leude geht wählen.
Vote whatever Elon didn't endorse
Vote whatever Elon didn't endorse
Super cool to see people build ontop of Nyx: neodyme.io/en/blog/hype...
Introducing HyperHook: A harnessing framework for Nyx
In this post, we introduce HyperHook, a harnessing framework for snapshot-based fuzzing for user-space applications using Nyx. HyperHook simplifies guest-to-host communication and automates repetitive...
neodyme.io
February 6, 2025 at 1:34 AM
Super cool to see people build ontop of Nyx: neodyme.io/en/blog/hype...
Reposted by Cornelius Aschermann
I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
February 4, 2025 at 7:34 PM
I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
aischolar.0x434b.dev Pretty cool project by @434b.bsky.social: A neat web interface to explore security (and in particular: Fuzzing) papers with AI summaries. Seems super useful to get/stay up to date with recent papers :)
AIScholar - Paper Database
aischolar.0x434b.dev
February 4, 2025 at 3:29 PM
aischolar.0x434b.dev Pretty cool project by @434b.bsky.social: A neat web interface to explore security (and in particular: Fuzzing) papers with AI summaries. Seems super useful to get/stay up to date with recent papers :)
Reposted by Cornelius Aschermann
I got Linux running in a PDF file using a RISC-V emulator.
PDFs support Javascript, so Emscripten is used to compile the TinyEMU emulator to asm.js, which runs in the PDF. It boots in about 30 seconds and emulates a riscv32 buildroot system.
linux.doompdf.dev/linux.pdf
github.com/ading2210/li...
PDFs support Javascript, so Emscripten is used to compile the TinyEMU emulator to asm.js, which runs in the PDF. It boots in about 30 seconds and emulates a riscv32 buildroot system.
linux.doompdf.dev/linux.pdf
github.com/ading2210/li...
January 31, 2025 at 8:02 PM
I got Linux running in a PDF file using a RISC-V emulator.
PDFs support Javascript, so Emscripten is used to compile the TinyEMU emulator to asm.js, which runs in the PDF. It boots in about 30 seconds and emulates a riscv32 buildroot system.
linux.doompdf.dev/linux.pdf
github.com/ading2210/li...
PDFs support Javascript, so Emscripten is used to compile the TinyEMU emulator to asm.js, which runs in the PDF. It boots in about 30 seconds and emulates a riscv32 buildroot system.
linux.doompdf.dev/linux.pdf
github.com/ading2210/li...
I have long argued that fuzzers are better at tracking taint than taint tracking. @andreaszeller.bsky.social et Al. build a info leak fuzzer (w/o taint tracking): dl.acm.org/doi/pdf/10.1.... It finds 10 old CVEs (ASAN: 1). Cool to see a PoC! Would probably work better with snapshot fuzzing tho ;)
January 27, 2025 at 2:56 PM
I have long argued that fuzzers are better at tracking taint than taint tracking. @andreaszeller.bsky.social et Al. build a info leak fuzzer (w/o taint tracking): dl.acm.org/doi/pdf/10.1.... It finds 10 old CVEs (ASAN: 1). Cool to see a PoC! Would probably work better with snapshot fuzzing tho ;)
pacibsp.github.io/2024/invaria... Another great blogpost displaying the "The compiler is an evil djinn, secretly trying to corrupt your wishes with the moral compass of tobacco industry lawyers"-model of C semantics.
“Invariant inversion” in memory-unsafe languages
One way of seeing the difference between memory-safe and memory-unsafe languages is that in a memory-safe language, the invariants used to uphold memory safety only “lean on” invariants that are enfor...
pacibsp.github.io
December 31, 2024 at 1:50 AM
pacibsp.github.io/2024/invaria... Another great blogpost displaying the "The compiler is an evil djinn, secretly trying to corrupt your wishes with the moral compass of tobacco industry lawyers"-model of C semantics.
Reposted by Cornelius Aschermann
December 24, 2024 at 12:13 AM
Reposted by Cornelius Aschermann
🔥 No fuzz drivers needed. Our paper on injecting greybox fuzzers into running systems at user-defined amplifier points (in-vivo fuzzing) was accepted at #ICSE25!
📝 mboehme.github.io/paper/ICSE25...
🧑💻 github.com/OctavioGalla... (subject to AE)
//Lead by Octavio Galland (former #MPI_SP intern).
📝 mboehme.github.io/paper/ICSE25...
🧑💻 github.com/OctavioGalla... (subject to AE)
//Lead by Octavio Galland (former #MPI_SP intern).
November 28, 2024 at 4:24 PM
🔥 No fuzz drivers needed. Our paper on injecting greybox fuzzers into running systems at user-defined amplifier points (in-vivo fuzzing) was accepted at #ICSE25!
📝 mboehme.github.io/paper/ICSE25...
🧑💻 github.com/OctavioGalla... (subject to AE)
//Lead by Octavio Galland (former #MPI_SP intern).
📝 mboehme.github.io/paper/ICSE25...
🧑💻 github.com/OctavioGalla... (subject to AE)
//Lead by Octavio Galland (former #MPI_SP intern).
mboehme.github.io/paper/ICSE25...
Really like this paper. Instead of writing a libfuzzer harness, use the state&arguments from test/E2E fuzzing and note what args can be fuzzed. Interesting follow ups: How to validate a crash in E2E setting & inferring amplification points & constraints dynamically.
Really like this paper. Instead of writing a libfuzzer harness, use the state&arguments from test/E2E fuzzing and note what args can be fuzzed. Interesting follow ups: How to validate a crash in E2E setting & inferring amplification points & constraints dynamically.
mboehme.github.io
November 28, 2024 at 3:43 PM
mboehme.github.io/paper/ICSE25...
Really like this paper. Instead of writing a libfuzzer harness, use the state&arguments from test/E2E fuzzing and note what args can be fuzzed. Interesting follow ups: How to validate a crash in E2E setting & inferring amplification points & constraints dynamically.
Really like this paper. Instead of writing a libfuzzer harness, use the state&arguments from test/E2E fuzzing and note what args can be fuzzed. Interesting follow ups: How to validate a crash in E2E setting & inferring amplification points & constraints dynamically.
Reposted by Cornelius Aschermann
Don't really know the purpose of starter packs yet, but here's some people who fuzz(ed). Let me know who I forgot
go.bsky.app/EhGFSVj
go.bsky.app/EhGFSVj
November 21, 2024 at 7:53 PM
Don't really know the purpose of starter packs yet, but here's some people who fuzz(ed). Let me know who I forgot
go.bsky.app/EhGFSVj
go.bsky.app/EhGFSVj
Reposted by Cornelius Aschermann
Company: We have a monolith!
Me: ...
Company: *holds up diagram of 8 services, 15 databases, and a home grown queue implementation*
Me: You fucked up a perfectly good distributed system is what you did. Look at that thing, it's got clock skew.
Me: ...
Company: *holds up diagram of 8 services, 15 databases, and a home grown queue implementation*
Me: You fucked up a perfectly good distributed system is what you did. Look at that thing, it's got clock skew.
November 19, 2024 at 7:01 PM
Company: We have a monolith!
Me: ...
Company: *holds up diagram of 8 services, 15 databases, and a home grown queue implementation*
Me: You fucked up a perfectly good distributed system is what you did. Look at that thing, it's got clock skew.
Me: ...
Company: *holds up diagram of 8 services, 15 databases, and a home grown queue implementation*
Me: You fucked up a perfectly good distributed system is what you did. Look at that thing, it's got clock skew.