Cornelius Aschermann

@is-eqv.bsky.social

Fuzzing & stuff https://hexgolems.com

369 Followers  |  95 Following  |  35 Posts  |  Joined: 20.11.2024  |  1.6789

Latest posts by is-eqv.bsky.social on Bluesky

#FUZZING'26 CALL FOR PAPERS
──────
✨ After 5 years, we will be again co-located with NDSS!

🔗 fuzzing-workshop.github.io
📅 11. Dec (Submission)

//cc @mboehme.bsky.social (MPI-SP), @ruijiemeng.bsky.social (CISPA), @rohan.padhye.org (CMU), László Szekeres (Google)

08.10.2025 12:02 — 👍 9    🔁 4    💬 0    📌 2

But only if we like the domain of your email address.

26.10.2025 16:29 — 👍 4    🔁 0    💬 0    📌 0
What the hell are we doing? · Addison Crump Homepage for Addison Crump

Must-read for fuzzing folks (read: tooling/algorithms/academia) by Addison Crump
addisoncrump.info/research/wha...

26.10.2025 03:16 — 👍 30    🔁 10    💬 1    📌 1
IJON Full Implementation by vi3tL0u1s · Pull Request #2540 · AFLplusplus/AFLplusplus IJON Full Implementation This is a complete implementation of all IJON features for source code instrumentation in AFL++. Base commit: 6b6cc9c1 Note to maintainers: This PR is based on a commit, th...

Thanks to Viet Hoang Luu's effort AFL++ just got IJON support: github.com/AFLplusplus/...

21.09.2025 09:30 — 👍 7    🔁 0    💬 0    📌 0

drops.dagstuhl.de/storage/01oa...

can we get this builtin in lldb please?

21.09.2025 08:54 — 👍 2    🔁 0    💬 0    📌 0
A summer of security: empowering cyber defenders with AI Here’s what we’re announcing at cybersecurity conferences like Black Hat USA and DEF CON 33.

Our Big Sleep LLM Agent found critical vulns 📈📈📈 #BigSleep
blog.google/technology/s...

15.07.2025 22:35 — 👍 10    🔁 1    💬 0    📌 0

cut my heap into pieces, this is my crash report:
allocation, no alignment
don't give a fuck if it faults on assignment
this is fatal abort()

31.05.2025 17:26 — 👍 442    🔁 77    💬 6    📌 0

I love this. I've been using dwarf data for a while now (I think the design space of "you have source, but you'd rather do binary analysis with dwarf on debug builds"-tools is kinda underexplored). But I never treated dwarf as a database format to save results in.

27.05.2025 23:40 — 👍 2    🔁 0    💬 0    📌 0

✈️ I'll be at @icseconf.bsky.social this week — find me if you'd like to chat about all things fuzzing / binary analysis!

28.04.2025 11:26 — 👍 3    🔁 1    💬 0    📌 0
SURE 2025 | The Workshop on Software Understanding and Reverse Engineering The Workshop on Software Understanding and Reverse Engineering

I'm proud to announce that myself and @AtipriyaBajaj have created the Workshop on Software Understanding and Reverse Engineering (SURE), which will be co-located at CCS 2025. sure-workshop.org/

Please follow our workshop account @sureworkshop and RT it for visibility :).

25.04.2025 16:30 — 👍 7    🔁 6    💬 1    📌 0
Our paper "Top Score on the Wrong Exam" will be presented at #ISSTA25 🐣 in Trondheim!

📝https://mpi-softsec.github.io/papers/ISSTA25-topscore.pdf
🧑‍💻https://github.com/niklasrisse/TopScoreWrongExam

// @nrisse.bsky.social @fuzzing.bsky.social

24.04.2025 14:09 — 👍 20    🔁 5    💬 1    📌 0

As it turns out, the C compiler orphan-crushing machine offers no benefit: web.ist.utl.pt/nuno.lopes/p...

22.04.2025 20:37 — 👍 9    🔁 3    💬 0    📌 0

Seems like Atropos does most of that too - i.e. automatically inferring some kind of "spec" in a way - it just doesn't use OpenAPI, I think? (except for also having coverage feedback & snapshot).

18.04.2025 04:29 — 👍 1    🔁 0    💬 2    📌 0

What's the delta between this and Atropos? Not limited to PHP?

18.04.2025 01:28 — 👍 4    🔁 0    💬 1    📌 0

Have been making the exact same experience - tried very hard to use perplexity pro for a couple of days, hardly ever found a problem easy enough for the AI to solve, with some outlandishly easy things failing even on claude etc.

24.03.2025 22:29 — 👍 0    🔁 0    💬 2    📌 0
FUZZING'25 Workshop @ ISSTA The 4th International Fuzzing Workshop (FUZZING) 2025 welcomes all researchers, scientists, engineers and practitioners to present their latest research findings, empirical analyses, t...

There's still time to submit to FUZZING'25! This year, we're accepting both the (now classic) registered reports _and_ new short papers (fuzzing nuggets). Deadline is now March 26th! fuzzingworkshop.github.io

21.03.2025 22:09 — 👍 10    🔁 6    💬 2    📌 0
futures.cs.utah.edu/papers/25ICS... by @snagycs.bsky.social and @gabriel-sherman.bsky.social Seems like a very sensible approach to harness generation with some impressive results. I'm looking forward to seeing more discussion about this approach :) (sorry for blatantly copying the twitter thing).

18.03.2025 03:13 — 👍 11    🔁 1    💬 0    📌 0
Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities | USENIX

Now, if someone combines this paper with www.usenix.org/conference/u... (which already does some similar stuff) I would totally expect that fuzzing outperforms static analysis on web-app security issues just as harshly as we know it to outperform static analysis on the native side.

04.03.2025 05:09 — 👍 3    🔁 0    💬 0    📌 0

Just earlier today I was talking to someone about how we are missing out on A LOT of power from dynamic language reflection/introspection capabilities in fuzzing, and then I saw this paper: nebelwelt.net/publications... - great timing & work @gannimo.bsky.social!

04.03.2025 05:01 — 👍 5    🔁 1    💬 1    📌 0

Next thing: a bunch of 'em go all "shocked Pikachu" over the realisation that there's a ton of ADHD and/or Autistic folks in CS 🤣

26.02.2025 05:24 — 👍 2    🔁 0    💬 0    📌 0

And those that aren't, are usually friends with quite a few of those that are ...

26.02.2025 04:14 — 👍 1    🔁 0    💬 1    📌 0

People, go vote.

Vote whatever Elon didn't endorse

23.02.2025 11:55 — 👍 4    🔁 1    💬 0    📌 0

Check out ghostcell: plv.mpi-sws.org/rustbelt/gho... with the presentation: www.youtube.com/watch?v=jIbu... for a way to make 0 overhead, proven safe, cyclic datastructures with actual references in rust.

22.02.2025 20:08 — 👍 13    🔁 1    💬 0    📌 0
SWE-Lancer: Can Frontier LLMs Earn $1 Million from Real-World Freelance Software Engineering? We introduce SWE-Lancer, a benchmark of over 1,400 freelance software engineering tasks from Upwork, valued at $1 million USD total in real-world payouts. SWE-Lancer encompasses both independent engi...

arxiv.org/abs/2502.12115 can't argue with the science on that one: LLMs are solving almost 60% of the manager tasks, but only 40% of SWE tasks :P

21.02.2025 18:49 — 👍 2    🔁 0    💬 0    📌 0
Introducing HyperHook: A harnessing framework for Nyx In this post, we introduce HyperHook, a harnessing framework for snapshot-based fuzzing for user-space applications using Nyx. HyperHook simplifies guest-to-host communication and automates repetitive...

Super cool to see people build on top of Nyx: neodyme.io/en/blog/hype...

06.02.2025 01:34 — 👍 4    🔁 2    💬 0    📌 1

I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!

04.02.2025 19:34 — 👍 31    🔁 16    💬 1    📌 1
AIScholar - Paper Database

aischolar.0x434b.dev Pretty cool project by @434b.bsky.social: A neat web interface to explore security (and in particular: Fuzzing) papers with AI summaries. Seems super useful to get/stay up to date with recent papers :)

04.02.2025 15:29 — 👍 10    🔁 6    💬 0    📌 0
I got Linux running in a PDF file using a RISC-V emulator.

PDFs support Javascript, so Emscripten is used to compile the TinyEMU emulator to asm.js, which runs in the PDF. It boots in about 30 seconds and emulates a riscv32 buildroot system.

linux.doompdf.dev/linux.pdf
github.com/ading2210/li...

31.01.2025 20:02 — 👍 313    🔁 129    💬 12    📌 22

I.e. I think one of the reasons fuzzing based taint hasn't been explored more widely in academia is that if you measure taint label accuracy on all variables, to compare against existing approaches, the result will be atrocious. You'd need to use it in a bigger bug finding pipeline to make sense.

29.01.2025 01:59 — 👍 0    🔁 0    💬 0    📌 0