PaulCh

@__paulch

Followers: 535 · Following: 187 · Media: 5 · Statuses: 95

Working to become a better security researcher today than I was yesterday. @BushwhackersCTF

Joined November 2014
@__paulch
PaulCh
4 years
RT @emil_lerner: Slides from my talk "HTTP Request Smuggling via higher HTTP versions" at #phdays10! Several previously undisclosed flaws….
@__paulch
PaulCh
4 years
RT @emil_lerner: I've just released the source code for at PRs are welcome :).
github.com
Contribute to neex/1u.ms development by creating an account on GitHub.
@__paulch
PaulCh
4 years
Honestly, I didn’t think that the first thing you should do on the way to becoming a browser security researcher is installing NoScript.
@__paulch
PaulCh
5 years
At my SAS Online 2020 workshop I will be speaking about current trends in fuzzing, since they have changed a lot lately. I’ll also share my ideas on how fuzzing should be approached nowadays and how to move away from “I’ve just launched AFL and found a bug, haha”.
@TheSAScon
TheSAS2025
5 years
Give some kudos to @__paulch @trompi! - and we are done with speaker announcements!😉
@__paulch
PaulCh
5 years
Seems like I have finally started a blog! Hunting for bugs in VirtualBox (First Take).
@__paulch
PaulCh
5 years
Oracle has finally patched another bug that I found in VirtualBox. I think this is the first bug that is worth writing about, so I will finally start a blog soon.
@__paulch
PaulCh
5 years
To my Russian-speaking followers I would like to recommend the recorded lectures of Georgy Vladimirovich Kuryachiy on the UNИX channel. Over my years at university I learned more interesting things from his lectures than from all the mandatory courses combined.
@__paulch
PaulCh
5 years
While patch-diffing VirtualBox: wow, those E1000 emulator bugs are still a thing. There was a bug which could allow an attacker to position the CSE register (the position at which to stop computing the checksum) after the end of the real packet.
@__paulch
PaulCh
5 years
One sleepless weekend of fuzzing and code review and I managed to find my first two vulnerabilities in VirtualBox: CVE-2020-2929 and CVE-2020-2951! Also my first bug collision ever. Credit to @vishnudevtj for also finding CVE-2020-2929!
@__paulch
PaulCh
5 years
One way to learn about a particular fuzzing engine is to look at its test cases. I find it really amazing that libFuzzer can do things like this one:
@__paulch
PaulCh
5 years
I sit near a window at work. Through it I can see a huge construction site, which makes me think each time I look outside: "These guys have almost built three giant buildings, while I sit here. What have I done during all that time? Does it have any value compared to *this*?"
@__paulch
PaulCh
6 years
Research into memory corruption vulnerabilities in VNC. Report in Russian [en] The Russian version of the report is already published.
@__paulch
PaulCh
6 years
Also, I would like to mention that some vulnerabilities were very similar and some were migrating from one project to another because of copy-pasting GPL code. We really need to find a way to find those variants of vulnerabilities.
@__paulch
PaulCh
6 years
I don’t act like I found all the memory corruption bugs in VNC products, but I hope my work was at least a drop in the ocean on the way to a secure world of open source products.
@__paulch
PaulCh
6 years
After my talk a weird guy appeared from the crowd and said that I didn’t find ALL the vulnerabilities. So there is still some space for YOUR research.
@__paulch
PaulCh
6 years
Today at @ZeroNights I presented research about memory corruption vulnerabilities in VNC. The full report in English will be available at on the 22nd of November.
@__paulch
PaulCh
6 years
If you are going to ZN this year, visiting this talk is a must.
@ZeroNights
ZeroNights
6 years
Emil Lerner : "Single byte write to RCE: exploiting a bug in php-fpm" #ZeroNights 2019.
@__paulch
PaulCh
6 years
I have just published a blog post about solving the "Master of PHP" challenge from Real World CTF 2019. This solution doesn't care about the bug implanted into PHP. We exploit a curl 1-day instead!
blog.bushwhackers.ru
In our previous blog post, my teammate Emil has already published a solution for Master of PHP, however, I still want to share another way of solving this challenge, because I think it is quite...
@__paulch
PaulCh
6 years
The more I think about it, the more depressed I become. Without libFuzzer, AFL and ASan I wouldn't be able to find and identify vulnerabilities so quickly. So, probably, these projects deserve more credit than the security researcher who used them does.