Filippo Bigarella

In my idea of interactive fuzzing, it would be cool to have a taint tracking engine and being able to manually specify values which could then be propagated through backwards taint analysis. Not sure if there is already some work on this.

He briefly touches on the idea of “interactive fuzzing” and delves into applying manual program transformations to circumvent fuzzing blockers (different from T-Fuzz); then he explains how this fuzzing engine helps going in that direction.

Interesting document by @GuidoVranken on a new fuzzing engine he’s built: https://guidovranken.files.wordpress.com/2018/07/vrankenfuzz.pdf … I think the ancillary concepts detailed in the paper are even more interesting than the engine alone.

I’ve been writing a simple plugin for Sublime Text and I must say I find its APIs quite good, so far. It’s one of the first plugin-oriented API that doesn’t make me want to rewrite the whole (hosting) software from scratch.

For more context: it took me almost a whole day to work around installation issues, inconsistencies in wrappers and bugs in libraries to do the same thing I’ve done in Swift (which I’m still learning!) with CoreBluetooth in a matter of an hour.

I used to be bitter about CoreBluetooth on iOS, until I realized how sad is the state of bluetooth libraries (and the thousands of buggy wrappers around them) one has to deal with on other platforms

Mainly for academia/research friends: how does one usually approach reading a PhD thesis? I feel like the method I normally apply to papers might be sub-optimal in this case. Suggestions are welcome!

Leaving Germany after a great week in Heidelberg for @WEareTROOPERS. Got some suspicious looks from airport security because of the badge, but they told me they had already seen another one earlier today

TROOPERS started off great with an amazing keynote from @michaelossmann. One of the best I’ve ever had the pleasure to attend!

Probably one of the most memorable moments of this semester: our professor introducing LTL tableaux rules with a quote of Scarlett O’Hara from “Gone with the Wind”: “After all... tomorrow is another day.”

FWIW, video is available here: https://alde.livecasts.eu/software-vulnerability-disclosure-in-europe …

Overall, it was pleasing to hear the discussion; quite a lot of stuff (not *all* of it…) resonated with what security researchers have been saying in the past few years.

Somewhat dissonant position expressed by MSFT in the first panel (“coor VD good, else bad”) (promptly challenged by @halvarflake’s question – in absence of an on-site person who could provide a counterpoint).

Many great points were made; however, I would be interested to hear more discussion about vendors’ responsibilities for vulnerable software (Answer to @MarietjeSchaake’s question only scratched the surface?)

Very interesting debate on software vulnerability disclosure in EU organized by @MarietjeSchaake. I really hope the EU can lead the way to establishing a common process which safeguards security researchers & at-risk users.

Had a good time at @offensive_con; some great talks and amazing organization :) Now looking forward to @WEareTROOPERS next month!