Michal Zalewski
Attended Midvale School for the Gifted

Michal Zalewski

Weekend experiments, contd

Michal Zalewski

2 comments
 
Why should I care? If someone doesn't want to see me, please just don't look at my window :)

Michal Zalewski

Moab
 
Love Moab!

Michal Zalewski

Utah

Michal Zalewski

I guess this is my idea of weekend fun? I... guess?

http://lcamtuf.coredump.cx/css_algebra/
History theft with CSS Boolean algebra. Up until mid-2010, any rogue website could get a good sense of your browsing habits by specifying a distinctive :visited pseudo-class, rendering thousands of interesting URLs off-screen, and then calling the getComputedStyle API to figure out which pages ...

Michal Zalewski

Logo for afl-fuzz
3 comments
 
AFL - The Artificial Glitch Artist

Michal Zalewski

I originally released afl-fuzz in November of 2013. Back then, it was simply another take on an idea I first toyed with in 2007, inspired in large part by the work on corpus distillation done by Tavis Ormandy. It almost ended up in the dustbin of history: early on, the project had many ...

Michal Zalewski

This is an interesting demonstration of the capabilities of afl; I was actually pretty surprised that it worked!

$ mkdir in_dir
$ echo 'hello' >in_dir/hello
$ ./afl-fuzz -i in_dir -o out_dir ./libjpeg-turbo-1.3.1/djpeg

In essence, I created a text file containing just "hello" and asked the ...
2 comments
 
You should talk to Google Brain team. +Jeff Dean​

Michal Zalewski

A Beowulf cluster! Or something...

http://lcamtuf.coredump.cx/edison_fuzz/
Fuzzing on Edison: field report. When Intel Edison came out in September 2014, it caught my eye not only because of my unhealthy obsession with robotics, but also because it seemed like an interesting platform for security enthusiasts to perform hobby fuzzing work. For those of you not familiar ...
17 comments
 
It's interesting though.. I mean - even if we assume that for a 1U server (let's say it's 100x faster than Edison with multi-core multi-CPU setup) we can pack like 500 of such boards, nobody really does that for CPU farms (to maximize space/speed ratio). Maybe the heat dissipation would be a problem, maybe the supporting infr. (power, network).

Michal Zalewski

Fuzzing is one of the most powerful strategies for identifying security issues in real-world software. Unfortunately, it also offers fairly shallow coverage: it is impractical to exhaustively cycle through all possible inputs, so even something as simple as setting three separate bytes to a ...

Michal Zalewski

Colorado
Ryan R
Really nice shots!
Story
Tagline
Employee of the month, January 1997
Introduction
Easily intimidated by tall people, loud noises, and sudden flashes of bright light.
Education
  • Midvale School for the Gifted
Work
Occupation
Security Televangelist