https://Rog3rSm1th.github.io/tags/python/ Recent content in python on Rog3rSm1th Hugo -- gohugo.io en-us <a href="https://creativecommons.org/licenses/by-nc/4.0/" target="_blank" rel="noopener">CC BY-NC 4.0</a> Thu, 16 Feb 2023 00:00:00 +0000 https://Rog3rSm1th.github.io/posts/memory-corruption-bugs-in-python/ Thu, 16 Feb 2023 00:00:00 +0000 https://Rog3rSm1th.github.io/posts/memory-corruption-bugs-in-python/ When I published Frelatage a year ago, I was often told: &ldquo;Why fuzz python?, there is nothing interesting to find in this language&rdquo;. Obviously, when people think of fuzzing, they think about memory corruption vulnerabilities, and therefore often assume that only codebases written in C/C++ can have this type of vulnerability. However, it should be noted that a significant number of python libraries have at least one part written in C, mostly for performance reasons. https://Rog3rSm1th.github.io/posts/fuzzing-python-libraries-frelatage/ Fri, 18 Mar 2022 00:00:00 +0000 https://Rog3rSm1th.github.io/posts/fuzzing-python-libraries-frelatage/ 🧐 What is fuzzing? Fuzzing or fuzz testing is an effective way to find bigs or vulnerabilities in a software or a library. The program which is used to fuzz is called the fuzzer (for example: AFL, HongFuzz or wfuzz) and the program being fuzzed is our target. A fuzzer typically starts feeding the target program with random inputs while observing its behaviour. Whenever the target crashes, the fuzzer reports the input which caused the crash to the user as a bug or a crash.