secfigo / awesome-fuzzing Goto Github PK

Under free, the Offensive Security lecture (https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html) is no longer located on the web server. Wayback Machine to the rescue!

https://web.archive.org/web/20200414165953/https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html

https://t.co/60SKIwU5e0?amp=1

The links you have now are old. Here are the new ones:
http://www.flinkd.org/fuzzing-with-peach-part-1/
http://www.flinkd.org/fuzzing-with-peach-part-2-fixups-2/

Hi, can we add gamozolabs Fuzz Week videos to the list? (I can do the PR).
First video: https://www.youtube.com/watch?v=2xXt_q3Fex8

Thanks.

Hello,

I'm not sure on how to create a pull request to add another training course. Last year I attended the Vuln-Dev Master Class from Exodus Intelligence. No further affiliation.

Link: https://blog.exodusintel.com/2016/05/18/exodus-intelligence-2016-training-course/

I thought I would make sure these links are appropriate for the this project before filing a PR.

Go has a coverage based fuzzer, but because the language is memory-safe, crashes are not exploitable in the same manner as overflows etc. in C or C++.

https://github.com/dvyukov/go-fuzz
blog.cloudflare.com/dns-parser-meet-go-fuzzer/
https://medium.com/@dgryski/go-fuzz-github-com-arolek-ase-3c74d5a3150c
Fuzzing Beyond Security: Automated Testing with go-fuzz (https://www.youtube.com/watch?v=kOZbFSM7PuI)

Cool list, very useful!

Some things about network protocol fuzzers, which i'm currently intersted in:

• I checked Nightmare, but i'm unable to see the network-fuzzing capabilities. Are you sure it can fuzz network things (imho it's more a distributed file fuzzer)?
• I'm developing FFW network fuzzer, maybe can add them? https://github.com/dobin/ffw
• Theres's also:
  • https://github.com/denandz/fuzzotron
  • https://github.com/Cisco-Talos/mutiny-fuzzer

The link for MiniFuzz is broken, as MS pulled the download.
But the wayback machine caught it:
MiniFuzz