They who can give up essential liberty
to obtain a little temporary safety,
deserve neither liberty nor safety.
Benjamin Franklin, 1775
moved to a new server, the old one was running for over 12 years!
AFL++ 4.0 released with huge improvements; Hydra 9.3 released with minor improvements :-) ... fully booked until end of April
I am booked out until the end of the year. I successfully passed again the tisax 5.0 high protection security certification.
do good and tell everyone about it: every year I donate 6000 Euro to the animal shelter in Berlin and for education of kids in the philippines.
as microsoft is seemingly doing nothing against spammer abusing the Azure cloud and Outlook365 services, I have blocked any access from these. You will have to use an alternative Email to reach me if you use O365. Thank you.
due to the pandemic everything slowed down a bit and happens now from home ... but there are now the afl++ v3.0 and thc-ipv6 3.8 releases :-) Happy holidays!
over the last year afl++ became the best fuzzer available - by independant assessments: Google's FuzzBench Fuzzer Benchmark Assessment from July 2020
I also participated in an academic paper that was accepted for the 14th USENIX Workshop on Offensive Technologies: AFL++: Combining incremental steps of fuzzing research
a lot has happend the last months, so here are the highlights:
my afl++ project attracted 3 talented security guys, and we are making the project so much better at such a fast pace - it is amazing! It is that good that is was selected to be in Google Summer of Code :-)
I am performing a training on fuzzing source code and binary programs at the Troopers conference
I wrote an article on the effectiveness of security static code analysis tools which is online now: heise developer: statische code analyse auf dem prüfstand (GERMAN)
since afl is not being maintained since fall 2017 and i am collecting afl community patches for over a year i created an update afl++. increased performance in llvm and qemu mode, bug fixes and new featres. plus I added the enhanced performance from aflfast. in other words its the best afl out there :)afl++ at github
i just released version9.0 of hydra: new modules rdp, mongodb and memcachedhydra at github
the quality of my security servies are now certified by iso 9001:2015!
i wish everyone a happy new year!
2019 was already started enthusiastically by me - I made new releases of hydra and thc-ipv6 available, additionally afl-dyninst now supports dyninst 10!
that being said, I am currently getting my processes iso 9001 certified :)hydra at github thc-ipv6 at github afl-dyninst at github
I am now tisax level 3 security certified for handling prototypes and information with high protection requirements.
afl-dynamorio enables blackbox binary fuzzing with alf-fuzz through dynamorio
afl patches is a collection of patches for afl that improve performance, coverage, features - or fixes bugs.
additionally I improved the performance of afl-dyninst which is now by far the fastest guided fuzzer solution for blackbox binaries.afl with dynamorio afl patches afl-dyninst
happy eastern! and I brought gifts:
afl-pin enables blackbox binary fuzzing with alf-fuzz through pintool
afl-simulate simulates afl-fuzz to benchmark performance of e.g. afl-pin, afl-dynamorio and afl-dyninst
additionally I am now the co-author of afl-dyninst :)afl with pintool afl-fuzz simulator afl-dyninst
i just released version 3.4 of my ipv6 pentest toolkit.
happy new year!
about 20 years ago I coded the proof-of-concept tool rwwwshell. today it can be seen used in the tv series mr.robot in season 2 episode 12 and season 3 episode 1 :)
i wish everyone happy holidays and a great new year!
at the (german) heise conference for secure software development (24-26 october 2017) I will do a talk about the (in-)security impact of processors and compilers on the machine code created.my talk at heise secdev 2017 (german)
attention: by availability for the rest of 2017 is already getting low!
and i just released version 8.6 of hydra
i just released version 8.5 of hydrahydra at github
the new design of the web page is there :)
the year worked out perfectly well with interesting projects and a lot of work. thank you for your trust in me! i wish everyone a happy xmas and a wonderful new year!
my ipv6 pentest & security training will be held for a last time for north america at the cansecwest security conference in vancouver from the 12-13th march 2017.
inhouse training are possible though, just contact me.
presentations, keynotes & trainings in singapore, spain, netherlands, austria, ... and i'm booked out until beginning of next year :)
many presentations and keynotes at international conferences, booked out with projects - thank you for a great 2014!
what makes my work & results special
- it-security competence since 1994 - few people have more experience
- clarity on vulnerabilities in your critical infrastructure
- practical and down-to-earth recommendations which respect the organisation and processes
- know-how transfer with the results and better awareness among your team
- my systems, processes and office is certified by tisax 3.0 for advanced protection requirements
- my processes have been certified for their quality by ISO 9001