Implemented a Python3 bridge for libFuzzer that allows you to implement custom mutators in Python. Initial prototype up at github.com/MozillaSecurit…, work in progress, but any feedback is welcome :) #fuzzing #libfuzzer

A Windows kernel bug (DirectX) I discovered was fixed in the latest MS patches. Found via a custom fuzzer-pretty small and simple. Just targeted at very specific parts of the code portal.msrc.microsoft.com/en-US/security…

Our team has released the Grizzly Browser Fuzzing Framework. blog.mozilla.org/security/2019/…

This is a good read for everyone in security, in particular (but not only) for researchers. The result is both shocking and educational. Thanks to my friends at Cispa (degen) for doing this highly valuable work. #fuzzing #security #research #validation

Verifying myself: I am jkratzer on Keybase.io. 9AF2vCvteY-MY81f7jIJ-bGfd0D9g5Ep-CLy / keybase.io/jkratzer/sigs/…

The recording of my talk "The Human Component in Bug Finding" at #FuzzConEurope2020 is now available: youtube.com/watch?v=ifc2C5… Deploying #fuzzing in your company? Then this might be relevant to you. Thanks to @CI_GmbH for organizing the conference!

To reduce the delay in getting bugs fixed, Jason Kratzer and the @Mozilla fuzzing team automated as much of the process as possible. This effort resulted in the development of Bugmon. 🪲💻hacks.mozilla.org/2021/01/analyz…

How we are fuzzing Firefox? We described the whole pipeline: hacks.mozilla.org/2021/02/browse…

We've successfully deployed ThreadSanitizer for Firefox - If you are working on multi-threaded C/C++ code, you might be interested in our results and experiences: hacks.mozilla.org/2021/04/elimin… #tsan #sanitizers #fuzzing

Jason Kratzer Hackfest.ca yup, corelan-training.com/Find%20the%20r… (or just corelan-training.com)

I found the best bug to exploit ever: c1* o = new c1(a1) ((c2*)o)->m(a2) where a1&2, c1&2 and m are all attacker controlled. seriously.

#CCS17 paper HexType: Efficient Detection of Type Confusion Errors for C++ is out. Also, supporting Firefox is hard nebelwelt.net/publications/f…

Everything you've always wanted to know about Browser Security, now in one white paper from X41 D-SEC GmbH! blog.skylined.nl/20170919001.ht…

Can someone please explain #trevorforget? You know... for a friend of mine.

Our pacsec 2017 slides<<From Out of Memory to Remote Code Execution>> speakerdeck.com/yukichen/from-…

Next week we’re shipping the new Firefox. 🚢 Literally. Get on board and get to what you love faster (in both the browser & this boat in NYC). thebolditalic.com/a-boat-a-brows…

Close to 7 million lines of changed code later and we present the BRAND NEW FIREFOX. Fast, fierce & for good. mzl.la/2jolNon

We couldn't be more excited to see the first major Rust Language components from Servo landing alongside all the other great work in Firefox 🔥 #Quantum! Enjoy the new CSS styling and other improvments - next up, #WebRender. "Steal" all the things! x.com/firefox/status…

Fun with the new 3D printer, duplicating key from picture (or, what happens if you give decoder free time😇) youtube.com/watch?v=kUD_7p…