Setting up elixir bootlin for chromium source code
This post shows how we can set up the Chromium source code in the Elixir project, which makes code auditing very convenient.
This post shows how I discovered 2 CVEs in fluent-bit using a network fuzzer called boofuzz. Different mangled HTTP packets are sent to different input endpoints of fluent-bit to find vulnerabilities.
This post contains my attempt to rediscover CVE-2021-3156 by fuzzing with AFL++. It also shows how important a good input corpus is for vulnerability finding: without the 2 inputs given, this bug would not have been found by the fuzzer.
In this post I try to rediscover CVE-2024-35524 with AFL++. This post teaches us how crucial code coverage is in fuzzing campaigns. This vulnerability was triggered in a few seconds and the hard part was to cover the code that had the vulnerability.
This post contains detailed steps on how I found CVE-2024-22857 in the zlog logging library by fuzzing with AFL++.
This post contains root cause analysis and PoC for CVE-2024-22857.