RT @mboehme_: Looks like there is a new snapshot-based fuzzer in town. It's also super-well documented. * * https:….

RT @mehunhoff: 🚨 Our latest #Ghidrathon release has out-of-box support for Python 3 modules that don’t support multiple Python sub-interpre….

Join millions who have switched to Grok.

RT @FoundryZero: For too long has it been a mild inconvenience to not have the features of GEF in LLDB. We at Foundry Zero feel you deserv….

RT @seanmonstar: New #rustlang h2 release: v0.3.20 🦀. This includes several bug fixes found with additional fuzzing (thanks @f0rki!) Worth….

RT @dystopiabreaker: one day google is going to randomly kill 8.8.8.8 for no reason and a double digit percentage of the internet as well a….

RT @JinshengBa: To avoid incomplete and incorrect citations in papers, I wrote a script to automatically correct BibTex files: https://t.co….

RT @workingjubilee: OnceCell is now STABLE, folks!

RT @aurelsec: The summer school "Cyber in Sophia Antipolis" will take place from July 3rd to 7th.Topic is research….

RT @michaelmarcozzi: 🥁I am looking for students and postdocs:. PhD student // 3 years, fully funded // Fuzzing . P….

yeah @ctfhacker released it :D this is an awesome project (although I might be biased).

RT @kayseesee: Intel LAM support is merged to Linux upstream!.(LAM makes HWASAN possible, similar to Arm's top-byte-ignore). .

RT @is_eqv: Very cool to see this work finally getting published. Congratz @__nils_ :)

RT @mboehme_: On finding 0days with LLMs.

RT @vxunderground: Today VirusTotal announced that each sample uploaded will be accompanied by "Code Insight". Code Insight uses Sec-PaLM,….

RT @mtarral: This is also the main fuzzer driving our initative to secure and harden the Linux kernel for Confidential Computing 🔐!. And it….

However, EF/CF also supports property-based fuzzing, looking for custom assertions/events, solidity panics in solc >0.8.

For example, EF/CF can actually synthesize an rentrancy exploit for the Uniswap/IMBTC incident. One just needs to configure EF/CF to fuzz all relevant contracts in combination.

The contracts are only simulated by EF/CF (due to perf reasons), but a generated testcase can be converted to solidity attack contracts if you need a working exploit for whatever reason. What is an exploit? Well we define it as being able to steal Ether.

This allows to to identify various types of reentrancy attacks. EF/CF simulates multiple attacker contracts that *can* respond to callbacks with reentrant transactions.

Now that we have performance, we can do fun things with the fuzzer. We actually attempt to execute reentrant transaction sequences. EF/CF mutates TX sequences that are dynamically expanded to a tree by the fuzzing harness, controlled by a reenter field.