lcamtuf's old blog lcamtuf.blogspot.com

Officially retiring this...

lcamtuf.blogspot.com·186w·lcamtuf.blogspot.com

Practical Doomsday

lcamtuf.blogspot.com·249w·lcamtuf.blogspot.com

AFL experiments, or please eat your brötli

lcamtuf.blogspot.com·473w·lcamtuf.blogspot.com

CSS mix-blend-mode is bad for your browsing history

lcamtuf.blogspot.com·510w·lcamtuf.blogspot.com

Clearing up some misconceptions around the "ImageTragick" bug

lcamtuf.blogspot.com·523w·lcamtuf.blogspot.com

Automatically inferring file syntax with afl-analyze

lcamtuf.blogspot.com·536w·lcamtuf.blogspot.com

New in AFL: persistent mode

lcamtuf.blogspot.com·570w·lcamtuf.blogspot.com

Finding bugs in SQLite, the easy way

lcamtuf.blogspot.com·579w·lcamtuf.blogspot.com

On journeys

lcamtuf.blogspot.com·581w·lcamtuf.blogspot.com

Another round of image bugs: PNG and JPEG XR

lcamtuf.blogspot.com·584w·lcamtuf.blogspot.com

Bi-level TIFFs and the tale of the unexpectedly early patch

lcamtuf.blogspot.com·588w·lcamtuf.blogspot.com

afl-fuzz: making up grammar with a dictionary in hand

lcamtuf.blogspot.com·592w·lcamtuf.blogspot.com

afl-fuzz: nobody expects CDATA sections in XML

lcamtuf.blogspot.com·598w·lcamtuf.blogspot.com

afl-fuzz: crash exploration mode

lcamtuf.blogspot.com·599w·lcamtuf.blogspot.com

Pulling JPEGs out of thin air

lcamtuf.blogspot.com·601w·lcamtuf.blogspot.com

PSA: don't run 'strings' on untrusted files (CVE-2014-8485)

lcamtuf.blogspot.com·603w·lcamtuf.blogspot.com

Two more browser memory disclosure bugs (CVE-2014-1580 and #19611cz)

lcamtuf.blogspot.com·605w·lcamtuf.blogspot.com

Fuzzing random programs without execve()

lcamtuf.blogspot.com·605w·lcamtuf.blogspot.com

Bash bug: the other two RCEs, or how we chipped away at the original fix (CVE-2014-6277 and '78)

lcamtuf.blogspot.com·607w·lcamtuf.blogspot.com

Bash bug: apply Florian's patch now (CVE-2014-6277 and CVE-2014-6278)

lcamtuf.blogspot.com·607w·lcamtuf.blogspot.com

Log in to enable infinite scrolling