Pentest

Projects

1. (Directed) Greybox Fuzzing

• AFLTeam: Systematic and Dynamic Task Allocation for Collaborative Parallel Fuzzing
• UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
• AFLGo: I am one of maintainers of the state-of-the-art directed greybox fuzzer AFLGo [my blog]
• Awesome-Directed-Fuzzing: A curated list of directed whitebox/greybox fuzzing research papers

2. Binary Analysis

• BINSEC: Binary-level analysis open-source platform
  • Imported IDA control-flow graph into BINSEC v0.3
  • Improved and integrated the static Use-After-Free (UAF) bug detector GUEB into BINSEC

3. Fuzzing for fun

• Fuzzing corpus: A corpus, including various file formats for fuzzing multiple targets in the fuzzing literature
• Fuzzing targets: A collection of widely-fuzzed targets
• My PoCs: PoCs of the bugs I found
• ML&Sec: Research papers on machine learning based techniques for security (e.g., binary analysis, software testing)

3. Pentesting Platforms

• My OSCP journey
• Virtual Hacking Lab:
• Hack The Box:
• OffSec Proving Ground Practice: my writeups here
• PwnTillDawn: join my discord

CVEs

• MuPDF: CVE-2020-16600
• GNU Binutils: CVE-2020-16590, CVE-2020-16591, CVE-2020-16592, CVE-2020-16593, CVE-2020-16598, CVE-2020-16599
• OpenEXR: CVE-2020-16587, CVE-2020-16588, CVE-2020-16589
• GPAC: CVE-2019-20628, CVE-2019-20629, CVE-2019-20630, CVE-2019-20631, CVE-2019-20632, CVE-2020-11558
• GNU Patch: CVE-2019-20633
• GNU Binutils: CVE-2017-8392, CVE-2017-8393, CVE-2017-8394, CVE-2017-8395, CVE-2017-8396, CVE-2017-8397, CVE-2017-8398 (thanks to AFLGo)

Selected Bugs

More details in my reported issues on Github and my PoCs.

• GNU Binutils: #21409, #21412, #21414, #21431, #21432, #21434, #21438, #25821, #25822, #25823, #25827, #25840, #25842
• GNU Elfutils: #25831, #25838
• UPX: #363, #364, #365, #366, #367, #368
• libsass: #2955; #2956
• GNU Patch: #56681, #56683, #56684
• Perl 5: #134322, #134324, #134325, #134326, #134327, #134328, #134329, #134342
• PHP: #78182