With Labor Day behind us and summer coming to an end, this quarter we are going back to school. In the ever-evolving world of hacking, there are always new tools to learn and new challenges to test your skills. What is truly amazing about the age of the internet is that you can find the software and education necessary to hone your hacking skills free of charge.
Below, you’ll find some tools, tutorials, and headlines to help you graduate to the next level of hacker you can be!
We hope you enjoy reading these newsletters as much as we love putting them together for you. Tell us what you like and what we can do better here.
No school year can begin without the right supplies. Over the years, we’ve traded in pencils and paper for keyboards and monitors. What is more important these days is how you use those supplies.
Below is a list of some of the community’s favorite fuzzing tools. The best part? They are all free!
Go Fuzzer: gofuzz is a library to populate Go objects with random values.
OSS-Fuzz: OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable distributed execution.
Mayhem for API: Probe your REST API with an infinite stream of test cases generated automatically from your OpenAPI specification or Postman collection.
OneFuzz: Project OneFuzz enables continuous developer-driven fuzzing to proactively harden software prior to release. With a single command, which can be baked into CI/CD, developers can launch fuzz jobs from a few virtual machines to thousands of cores.
AFL: American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple, but rock-solid instrumentation-guided genetic algorithm. It uses a modified form of edge coverage to effortlessly pick up subtle, local-scale changes to program control flow.
LibFuzzer: LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine.
Peach Fuzzer: This is the community edition of GitLab’s protocol fuzzing framework. This framework is based on Peach Fuzzer Professional with some features removed.
Honggfuzz: A security-oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options.
Thank you for checking out the third Hacker's Guide! You can find previous issues here, and if you would like to let us know what to improve upon for the future (or tell us we're doing a good job), you can do it here.