May 11-14, I’ll be in Berlin giving my Advanced Fuzzing and Crash Analysis class at @offensive_con. This class will have new ARM64 targets and a bit of AI special sauce!
offensivecon.org/trainings/2026…
WARNING! I can confirm this is true and I got hit by @z0x55g, who sent me a Windows kernel PoC trigger. The vulnerability was real and complex to trigger. Fortunately I only ran it in a VM. In the end the VMDK I was using was actually corrupted and non-bootable, so it self-imploded.
New blog post from TAG with details of a North Korean campaign targeting security researchers working on vulnerability research and development.
blog.google/threat-analysi…
Stay safe out there everyone!
That’s not a polyglot, THIS is a polyglot. Most impressive.
1024 bytes of code that compiles in 190 languages and counting, and emits a message with the number of languages it supports.
codegolf.stackexchange.com/questions/1023…
Based on the rate of research, you could say fuzzing is kind of a big deal. So many papers are being published it’s hard to track it all, let alone read it all. These repos are doing a good job indexing the papers:
github.com/0xricksanchez/…
github.com/wcventure/Fuzz…
Here are my slides for Fuzzing: Age of Vulnerability Discovery, which I delivered as a keynote at @wootsecurity as well as @nohatcon and @HushCon this year. It's an overview of how the ecosystem has evolved with new instrumentation, snapshot fuzzing, and mutators. fuzzing.io/hushcon23.pdf
Wow, China restricted all researchers from participating in int'l hacking competitions. Big change, not good for the public. Chinese teams win these competitions with impressive displays of skill, and we all learn and bugs get patched. Foreboding news.
Well, big news: Friday was my last day at Eclypsium, and I'm officially going all in on being fully independent and running my own companies. Some of you may have seen it coming, as I registered my second LLC last month. I just got off a call and locked in a private fuzzing
Nice. I checked out the firmware Motorola developed for most of the major EU manufacturers, including Benz, in the early 2000s. That one was QNX based for their infotainment/nav. I particularly appreciated the ASCII art, which included a skull & bones for when /dev/airbag deployed :)
Less than 24h after our Seattle mayor banned the use of tear gas in protests for 30 days, the police just launched some sort of gas against protesters. MF police just won't stop.
In case you missed the key takeaways in the thread:
The real compromise was the Chrome 0day on the blog: the lure was the PGP key, which was needed for the target to decrypt one of a few offered low-value browser or kernel PoCs for collab. The shared project was trojaned as a backup plan.
Proud moment. The 40th anniversary @phrack release was a full success. We gave away 12,000 full-color, 150-page printed zines for free across three different conferences and did the final main stage talk before closing. I covered the history of Phrack and did some panel questions.