Coverage Guided Fuzzing in Go

Recently I had the need to explore coverage guided fuzzing in Go. Whilst there is a bit of information scattered around on multiple different sites, as someone who is fairly new to Go, I couldn’t find a good concise source of information on what is already out there and the current state of play of fuzzer tooling within the Go world.

Read More

KASAN Info Leak Detection

In my previous blog post I dug into a general overview of the KASAN implementation in XNU. This post goes more in depth in detecting kernel uninitialized information leaks using it (no 0days dropped here :)). Kernel Information Leaks to userland are a common problem and can be used to leak confidential information or disclose kernel memory addresses which are typically used to bypass KASLR. An example of this type of vulnerability is CVE-2017-13868.

Read More

Fuzzing - Serverless Crash Triage

In order to learn about serverless architecture, I experimented with implementing a quick proof of concept crash triaging tool using AWS Lambda Functions. There are many benefits of serverless architecture when you really don’t want to manage underlying infrastructure components and often cost saving advantages which can be made. These concepts lend themselves well to certain components of a continuous fuzzing architecture (such as Google’s Clusterfuzz).

Read More