Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

Nginx exploit writing weekend

John Menerick

This weekend will be ripe of opportunities for #nginx #exploit writing. Trying a new scheduler algorithm and Stensal's compiler against nginx's stable code base.

---------------------------------------------------

@meteor:~# afl-whatsup ~/Repository/FuzzMe/Nginx/sbin/findings/

status check tool for afl-fuzz by <[email protected]> with scheduler optimizations by <[email protected]> and <[email protected]>

Individual fuzzers

==================

>>> fuzzer01 (4 days, 13 hrs) <<<

cycle 1, lifetime speed 108 execs/sec, path 2626/3234 (81%)

pending 116/2979, coverage 13.58%, 92 crashes

>>> fuzzer02 (4 days, 13 hrs) <<<

cycle 429, lifetime speed 152 execs/sec, path 3562/4483 (79%)

pending 0/5, coverage 13.58%, 34 crashes

.........

Summary stats

1;;1;;1;;;1;;1;;1;;1;;1;;1;;1;;1;;1;;1;;

Fuzzers alive : 5

Total run time : 22 days, 17 hours

Total execs : 264 million

Cumulative speed : 669 execs/sec

Pending paths : 116 faves, 2999 total

Pending per fuzzer : 23 faves, 599 total (on average)

Crashes found : 471 locally unique

A collection of Bug Bounty polices and statements to run a program

StringIPC CSAW CTF solution