Sergey Bronnikov

@[email protected]
91 Followers
118 Following
30 Posts

Superseded by account @sergeyb

(https://honk.bronevichok.ru/u/sergeyb)

Bloghttps://bronevichok.ru/
GitHubhttps://github.com/ligurio
Sergey BronnikovMar 1, 2023
LobstersMar 1, 2023
luzer: A coverage-guided, native Lua fuzzing engine https://github.com/ligurio/luzer | https://lobste.rs/s/pc8zx8 #lua #programming #security #testing
GitHub - ligurio/luzer: A coverage-guided, native Lua fuzzing engine

A coverage-guided, native Lua fuzzing engine. Contribute to ligurio/luzer development by creating an account on GitHub.

GitHub
Sergey BronnikovFeb 13, 2023

Another one fuzzing engine for Lua is afl-lua. It is an integration of AFL (American Fuzzy Lop) with Lua programming language.

https://github.com/ligurio/afl-lua

It is not feature-rich and effective as luzer (libfuzzer-based), but it is only initial version and I plan to make it sweet too.

#fuzzing #afl #lua #afl-lua

@aflplusplus

GitHub - ligurio/afl-lua: Integration of AFL (American Fuzzy Lop) with Lua programming language

Integration of AFL (American Fuzzy Lop) with Lua programming language - GitHub - ligurio/afl-lua: Integration of AFL (American Fuzzy Lop) with Lua programming language

GitHub
Sergey BronnikovFeb 13, 2023

Finally published a coverage-guided, native Lua fuzzing engine. I'll do some polishing before a first release, but it's ready for use now.

Some highlights: usage is quite similar to libfuzzer - define a fuzzing target and pass it to a function Fuzz, custom mutator can be defined as a Lua function, structure-aware inputs can be constructed using Fuzzing Data Provider (the same way as in libFuzzer). Moreover, added a code for building custom mutators in Lua for libFuzzer-based targets. Enjoy!

Would be nice to hear feedback!

https://github.com/ligurio/luzer

#fuzzing #luzer #libfuzzer #lua

GitHub - ligurio/luzer: A coverage-guided, native Lua fuzzing engine

A coverage-guided, native Lua fuzzing engine. Contribute to ligurio/luzer development by creating an account on GitHub.

GitHub
Sergey BronnikovFeb 13, 2023

A huge list with applications that uses telemetry with instructions how to opt it out.

https://toptout.me/

Toptout

Easily opt-out from telemetry collection

Sergey BronnikovJan 28, 2023

Anyone can help cppcheck by donating CPU (1 core or as many as you like). It is simple:

Download Cppcheck source code and run script.
The script will analyse debian source code and upload the results to a cppcheck server. This is needed both to improve Cppcheck and to detect regressions.

https://github.com/danmar/cppcheck#donate-cpu

GitHub - danmar/cppcheck: static analysis of C/C++ code

static analysis of C/C++ code. Contribute to danmar/cppcheck development by creating an account on GitHub.

GitHub
Sergey BronnikovJan 17, 2023
Show threadBenjamin Dumke-von der EheDec 18, 2022

Might make a couple final tweaks, but I'm pretty happy with this.

I present you: "This is fine", a diorama built from a single piece of paper.

Sergey BronnikovJan 10, 2023

"In the context of auditing Pornhub we have identified two critical flaws in PHP’s garbage collection algorithm (c.f. How we broke PHP, hacked Pornhub and earned $20,000)."

https://www.evonide.com/breaking-phps-garbage-collection-and-unserialize/

Breaking PHP's Garbage Collection and Unserialize | Security Research - Evonide

We discovered a use-after-free vulnerability in PHP's Garbage Collection. This vulnerability is exploitable over unserialize to get RCE on a remote server.

Sergey BronnikovApr 28, 2022
Specification of TAP version 14 has been published http://testanything.org/tap-version-14-specification.html It's a popular format of software testing results.
TAP 14 specification - Test Anything Protocol

Sergey BronnikovApr 27, 2022
Peter N. M. HansteenApr 27, 2022
If you cannot install the software you want on your own device – you don’t own it. 38 organizations demand the right to access and to reuse hardware https://fsfe.org/news/2022/news-20220427-01.html, full letter to EU Legislators here https://fsfe.org/activities/upcyclingandroid/openletter.html #ecodesign #RightToRepair #freesoftware #nuug
EU Ecodesign: 38 organisations demand the right to access and to reuse hardware - FSFE

The FSFE publishes an open letter, co-signed by 38 organisations and companies, to ask EU legislators for the right to install any software on any device, ...

FSFE - Free Software Foundation Europe
Show threadSergey BronnikovMar 16, 2022
"You can also join our chat channel using IRC (#briar on libera.chat or OFTC) or Matrix. " https://briarproject.org/get-involved/
Get Involved - Briar

We’re looking for volunteers to contribute to all aspects of the project, including design, development, documentation, translation and testing. We’re happy to provide guidance or mentoring for less experienced contributors. If you’re interested in getting involved or following the progress of the project, please join the development mailing list or email [email protected] [PGP key] . You can also join our chat channel using IRC (#briar on libera.chat or OFTC) or Matrix.