Thuan Pham

@ThuanpvNus

Automated software testing enthusiast. Working on program analysis and smart fuzzing.

Australia
thuanpv.github.io
Vrijeme pridruživanja: listopad 2015.
9 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @ThuanpvNus

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @ThuanpvNus

  1. Prikvačeni tweet
    11. sij

    "AFLNet: A Greybox Fuzzer for Network Protocols", my joint work with & Abhik, is accepted as a testing tool paper . It was motivated by many requests from AFL users for . Stay tuned for preprint & tool (with funder's approval).

    7 replies 48 proslijeđenih tweetova 179 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  2. prije 8 sati

    Great findings! I really want to play with these "toys" and fuzz them using

    Cisco Discovery Protocol (CDP) enabled devices are vulnerable to Denial-of-Service (DoS) and Remote Code Execution (RCE) 👏👏👏 CVE-2020-3110 CVE-2020-3111 CVE-2020-3118 CVE-2020-3119 CVE-2020-3120 Note: Hacking Video:
    2 korisnika označavaju da im se sviđa
    Poništi
  3. proslijedio/la je Tweet
    prije 18 sati

    Why is fuzzing not part of the development lifecycle yet? 🤔

    syzbot joins the " added to kernel" celebration party with UAF write that corrupts linked list: and a deadlock:
    10 replies 14 proslijeđenih tweetova 62 korisnika označavaju da im se sviđa
    Poništi
  4. proslijedio/la je Tweet
    prije 10 sati

    .: "There is a simple mitigation: If an instruction fails, do not execute any instructions that depend on it". Thanks, Yuval, for coming down to visit us at the Monash Fuzzing Lab in Melbourne! Great to have you here.

    3 proslijeđena tweeta 8 korisnika označava da im se sviđa
    Poništi
  5. proslijedio/la je Tweet
    5. velj

    The AFL++ website is up: Very naive ATM, I'm open to suggestions.

    41 proslijeđeni tweet 111 korisnika označava da im se sviđa
    Poništi
  6. proslijedio/la je Tweet
    1. velj

    I also uploaded the first Paper Review, on "Building Fast Fuzzers"!

    11 proslijeđenih tweetova 117 korisnika označava da im se sviđa
    Poništi
  7. proslijedio/la je Tweet
    1. velj

    Our amazing speaker line has been released. Check them out below on our website. The schedule will be announced soon🥳👇👇

    1 reply 18 proslijeđenih tweetova 43 korisnika označavaju da im se sviđa
    Poništi
  8. 30. sij

    My take-away from recent review article paper of P. Godefroid -- 3 (of N) open challenges in 1) how to engineer exhaustive symbolic testing in a cost-effective manner, 2) how to automate the generation of input grammars, and 3) how to effectively fuzz distributed apps

    4 proslijeđena tweeta 26 korisnika označava da im se sviđa
    Poništi
  9. proslijedio/la je Tweet
    28. sij

    Over the past few years I've spent 100s (1000s?) of hours studying how companies have scaled their security. Here are my slides that distill what I've learned- the big, scalable, systematic wins that measurably improve your security posture.

    83 proslijeđena tweeta 181 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  10. proslijedio/la je Tweet
    28. sij

    Check out ' tips on Fuzzing, to overcome known challenges and maximize results:

    48 proslijeđenih tweetova 99 korisnika označava da im se sviđa
    Poništi
  11. proslijedio/la je Tweet
    24. sij

    My conjecture* for 2020. An 𝗲𝘅𝗽𝗼𝗻𝗲𝗻𝘁𝗶𝗮𝗹 increase in the # cores available to your favourite fuzzer yields a 𝗹𝗶𝗻𝗲𝗮𝗿 increase in coverage achieved (or # bugs found) after a fixed time budget. Maybe less. *Give me counter-evidence!

    11 replies 10 proslijeđenih tweetova 41 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  12. proslijedio/la je Tweet
    22. sij

    Finally uploaded video of my talk "Expanding the Reach of Fuzz Testing", which I gave at UMass Amherst! Introduces PerfFuzz, FuzzFactory, FairFuzz, Zest + JQF, RLCheck and Autopandas 😃

    42 proslijeđena tweeta 195 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    20. sij

    We () just opened our software testing lecture notes. It currently contains 14 full chapters, 52k words, 63 videos, and 82 exercises. License: CC-BY-NC-SA. Feel free to use it!

    15 replies 193 proslijeđena tweeta 415 korisnika označava da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    16. sij

    📢 Announcing better support for fuzzing with structured inputs in Rust! 📢 New releases of `cargo fuzz`, `libfuzzer-sys`, and `arbitrary` better support writing fuzz targets that take well-formed instances of custom input types. Details:

    1 reply 39 proslijeđenih tweetova 119 korisnika označava da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    12. sij

    I'm using Afl to find "packet of death" for 3 years, but never manage to detect statefull bug with it. Indeed there little litterature on the subject. Can't wait to read more details on

    Key ideas of : state feedback & code coverage feedback work hand-in-hand, automatic state machine inference @ run-time, & toward progressive states. CVEs with CVSS score 9.8 (CRITICAL) discovered in Real-Time Streaming Protocol (RTSP) server.
    Prikaži ovu nit
    2 proslijeđena tweeta 7 korisnika označava da im se sviđa
    Poništi
  16. proslijedio/la je Tweet
    13. sij

    Good news! We just released our tool and preprint. Preprint: Github: Lead and implemented by and Lucia. Collab , &

    Accepted at 2020. See you in Seoul, South Korea!
    Prikaži ovu nit
    5 proslijeđenih tweetova 43 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  17. 11. sij

    It lengthens a series of AFL-based work in great collaboration with and Abhik Roychoudhury & AFLFast (CCS'16) -> AFLGo (CCS'17) -> AFLSmart (TSE'19) -> AFLNet (ICST'2020) -> what's next? :)

    3 proslijeđena tweeta 17 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  18. 11. sij

    Key ideas of : state feedback & code coverage feedback work hand-in-hand, automatic state machine inference @ run-time, & toward progressive states. CVEs with CVSS score 9.8 (CRITICAL) discovered in Real-Time Streaming Protocol (RTSP) server.

    16 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  19. proslijedio/la je Tweet
    9. sij

    🎉 First security blogpost of 2020 🎉 Some people ask me, so here is how to start fuzzing APIs of JavaScript engines like Chrome/V8. In this blogpost, I'm using: ✅ Dharma/Domato ✅ Chrome/v8 ASan pre-built ✅ Honggfuzz ;)

    73 proslijeđena tweeta 149 korisnika označava da im se sviđa
    Poništi
  20. 20. pro 2019.

    Most recent paper on attacks over the Controlled Area Network (CAN) bus on cars. So cool!

    Our paper "Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT" got into 2020 ! Joint work w/ Prof. Zhiqiang Lin's group@OSU. It's the first security analysis of car IoT dongles (1/2)
    Prikaži ovu nit
    3 korisnika označavaju da im se sviđa
    Poništi

@ThuanpvNus još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·