This is your work, valued

Antibes, France

Andrea Fioraldi

Elite
@andreafioraldi

Writing fuzzers to find assertion errors and null ptr derefs. Trying to do a Kamehameha since I was 4.

frida-fuzzer. This experimetal fuzzer is meant to be used for API in-memory fuzzing.

577

qasan. QASan is a custom QEMU 3.1.1 that detects memory errors in the guest using AddressSanitizer.

352

IDAngr. Use angr in the IDA Pro debugger generating a state from the current debug session

284

angrgdb. Use angr inside GDB. Create an angr state from the current debugger state.

205

cve_searchsploit. Search an exploit in the local exploitdb database by its CVE

176

frida-js-afl-instr. An example on how to do performant in-memory fuzzing with AFL++ and Frida

139

weizz-fuzzer. C

99

angrdbg. Abstract library to generate angr states from a debugger state

62

motherfucking-ctf. What do we say to JavaScript? Not today! motherfuckingwebsite.com inspired CTF platform.

51

pwntrace. Use ltrace with pwnlib.tubes.process instances, useful for heap exploitation. Pwntools rocks!

50

libafl_quickjs_fuzzing. An example fuzzer about how to fuzz a JS engine combinign Nautilus with Token-level fuzzing

47

FuzzSplore. FuzzSplore: Visualizing Feedback-Driven Fuzzing Techniques

37

r2angrdbg. Use angr inside the radare2 debugger. Create an angr state from the current debugger state.

34

useful-pwn-writeups. a repo of links to useful writeups of pwn challenges

33

asan-giovese. My AddressSanitizer implementation in C

29

afl-qemu-cov. Measure Basic Blocks coverage of all testcases in the AFL queue using a patched QEMU

23

taint-with-frida. just an experiment

22

idb2gdb. Load function names from an IDA Pro database inside GDB

21

angr-win64-wheels. prebuild angr wheels for Windows on x86_64

15

ConstrainedMemorySanitizer. C++

15

store-interval-tree. A balanced unbounded interval-tree in Rust with associated values in the nodes

13

deferred_driller. My version of driller using Intel PIN and angrgdb. In "theory" can work with AFL in deferred and persistent mode.

13

QEMU-SanCov. SanitizerCoverage hooks and coverage reports for user-mode QEMU

12

IdaVSHelp. IDAPython plugin to integrate Visual Studio Help Viewer in IDA Pro >= 6.8

12

CristoShot. MS Paint powered graphics game in C# 2008 in which an ass throws things to Jesus as antistress

11

afl. AFL with QEMU 3.1.0 + optimizations (thread safe this time) from https://github.com/abiondo/afl

10

IdaGrabStrings. IDAPython plugin to search strings in a specified range of addresses and map it to a C struct

9

IdaRetAddr. Highlight the return address of a function in the Ida Pro debugger

8

leakyleak. a POC for the libc address leak using __libc_csu_init from the paper https://i.blackhat.com/briefings/asia/2018/asia-18-Marco-return-to-csu-a-new-method-to-bypass-the-64-bit-Linux-ASLR-wp.pdf

8

ascii-ctf. A tiny and minimal web platform for jeopardy ctf hosting. Who needs javascript? Real hackers use ascii.

8

libradamsa. Precompiled radamsa library

8

sanitizer_stacktrace_rs. A Rust crate to generate backtraces using the LLVM codebase

7

bsc-thesis. Symbolic Execution and Debugging Synchronization - Bsc Thesis

6

mc2. Mirror of the MC2 fuzzer https://dl.acm.org/doi/10.1145/3548606.3560648

6

FFF. C++

6

AFL-exp. C

6

IDAngr-PinTool. PinTool skeleton for state synchronization with IDAngr

6

aosv-cheatshit. shitty partial notes of the Advanced Operating Systems and Virtualization course in shitty text files

6

ToolsForCyberChallenge. A set of tools that i developed to help me during the CyberChallenge.IT 2017

6

meminterval. A simple interval-tree in Rust made to store memory mappings

6

Superion. A backup of the Superion fuzzer cause the original repo (https://github.com/zhunki/Superion) was deleted

5

qasan-examples. Collection of QASan examples

5

angrkd. angrdbg + pykd to be used in WinDBG

5

Reverse80. Open a reverse shell in a web page using HTTP

4

andreafioraldi.

3

IdaMSDNHelp. IdaPython plugin to open MSDN Help Search page

3