25 June 2024 – Written by Valentin Huber – in LibAFL, coreutils,, cybersecurity, and fuzzing,
After reading about fuzzing and testing a fuzzer, I wanted to delve deeper into the inner workings. In discussions with my advisor, we found that there is a lot of work on some parts of fuzzers, such as advanced scheduling algorithms, but the oracle of what constitutes an illegal state has received comparably little attention.
Read more…
13 February 2024 – Written by Valentin Huber – in KLEE, coreutils, cybersecurity, fuzzing, and symbex
While I read a lot about symbolic execution in fuzzing for a seminar, I wanted to actually do it. Since KLEE appeared to be one of the most influential fuzzing tool, I decided to attempt to reproduce the findings in their original paper. Additionally, I chose to compare different versions of GNU’s coreutils to investigate the quality of software over time.
Read more…
15 December 2023 – Written by Valentin Huber – in cybersecurity, fuzzing, review, and symbex
In a security seminar at MSE I surveyed existing review papers on symbolic execution-based fuzzing and wrote my own survey paper. I focused on fundamental challenges that symbex introduces in fuzzing and classified the approaches I found to mitigate them into several categories. The work is available here.
Read more…
02 October 2023 – Written by Valentin Huber – in cybersecurity
tl;dr: Properly use a password manager on an up-to-date, backed-up device.
Read more…
07 July 2023 – Written by Valentin Huber – in Ghidra, cybersecurity, rev, and symbex
For my bachelor’s thesis, Silvan Flum and I developed Ghidrion, a plugin for Ghidra that allows the use of Morion, a suite of tools to use symbolic execution.
Read more…