Articles by @sigabrt9

Using AFL++ on bug bounty programs: an example with Gnome libsoup

Published on Wed 30 October 2024 by @sigabrt9

A case study in using AFL++, afl-cov and basic custom harnesses to find a bug in libsoup for a public bug bounty program.

Shell in the Ghost: Ghostscript CVE-2023-28879 writeup

Published on Tue 11 April 2023 by @sigabrt9

This write-up details how CVE-2023-28879 - an RCE in Ghostscript - was found and exploited. Due to the prevalence of Ghostscript in PostScript processing, this vulnerability may be reachable in many applications that process images or PDF files (think ImageMagick, PIL, etc.), making this an important one to patch and look out for.