They who can give up essential liberty
to obtain a little temporary safety,
deserve neither liberty nor safety.
Benjamin Franklin, 1775
over the last year afl++ became the best fuzzer available - by independant assessments: Google's FuzzBench Fuzzer Benchmark Assessment from July 2020
I also participated in an academic paper that was accepted for the 14th USENIX Workshop on Offensive Technologies: AFL++: Combining incremental steps of fuzzing research
a lot has happend the last months, so here are the highlights:
my afl++ project attracted 3 talented security guys, and we are making the project so much better at such a fast pace - it is amazing! It is that good that is was selected to be in Google Summer of Code :-)
I am performing a training on fuzzing source code and binary programs at the Troopers conference
I wrote an article on the effectiveness of security static code analysis tools which is online now: heise developer: statische code analyse auf dem prüfstand (GERMAN)
since afl is not being maintained since fall 2017 and i am collecting afl community patches for over a year i created an update afl++. increased performance in llvm and qemu mode, bug fixes and new featres. plus I added the enhanced performance from aflfast. in other words its the best afl out there :)afl++ at github
i just released version9.0 of hydra: new modules rdp, mongodb and memcachedhydra at github
the quality of my security servies are now certified by iso 9001:2015!
i wish everyone a happy new year!
2019 was already started enthusiastically by me - I made new releases of hydra and thc-ipv6 available, additionally afl-dyninst now supports dyninst 10!
that being said, I am currently getting my processes iso 9001 certified :)hydra at github thc-ipv6 at github afl-dyninst at github
I am now tisax level 3 security certified for handling prototypes and information with high protection requirements.
afl-dynamorio enables blackbox binary fuzzing with alf-fuzz through dynamorio
afl patches is a collection of patches for afl that improve performance, coverage, features - or fixes bugs.
additionally I improved the performance of afl-dyninst which is now by far the fastest guided fuzzer solution for blackbox binaries.afl with dynamorio afl patches afl-dyninst
happy eastern! and I brought gifts:
afl-pin enables blackbox binary fuzzing with alf-fuzz through pintool
afl-simulate simulates afl-fuzz to benchmark performance of e.g. afl-pin, afl-dynamorio and afl-dyninst
additionally I am now the co-author of afl-dyninst :)afl with pintool afl-fuzz simulator afl-dyninst
i just released version 3.4 of my ipv6 pentest toolkit.
happy new year!
about 20 years ago I coded the proof-of-concept tool rwwwshell. today it can be seen used in the tv series mr.robot in season 2 episode 12 and season 3 episode 1 :)
i wish everyone happy holidays and a great new year!
at the (german) heise conference for secure software development (24-26 october 2017) I will do a talk about the (in-)security impact of processors and compilers on the machine code created.my talk at heise secdev 2017 (german)
attention: by availability for the rest of 2017 is already getting low!
and i just released version 8.6 of hydra
i just released version 8.5 of hydrahydra at github
the new design of the web page is there :)
the year worked out perfectly well with interesting projects and a lot of work. thank you for your trust in me! i wish everyone a happy xmas and a wonderful new year!
my ipv6 pentest & security training will be held for a last time for north america at the cansecwest security conference in vancouver from the 12-13th march 2017.
inhouse training are possible though, just contact me.
presentations, keynotes & trainings in singapore, spain, netherlands, austria, ... and i'm booked out until beginning of next year :)
many presentations and keynotes at international conferences, booked out with projects - thank you for a great 2014!
what makes my work & results special
- it-security competence since 1994 - few people have more experience
- clarity on vulnerabilities in your critical infrastructures
- practical and down-to-earth recommendations which respect the organisation and processes
- know-how transfer with the results and better awareness among your team
- my systems, processes and office is certified by tisax 3.0 for advanced protection requirements
- my processes have been certified for their quality by ISO 9001