Cr4sh / MsFontsFuzz

Licence: other
OpenType font file format fuzzer for Windows

*********************************************************

  MsFontsFuzz: OpenType font format fuzzer for Windows

  By Oleksiuk Dmytro (aka Cr4sh)
  http://twitter.com/d_olex
  http://blog.cr4.sh
  mailto:[email protected]
  
*********************************************************

USAGE:

  > MsFontsFuzz.exe <font_name> <font_file_path> [options]

... where <font_name> and <font_file_path> are the text name of the font and the path to the .TTF/.OTF font file.

The [options] can be:

  --test – Just draw font characters and print file information without fuzzing.

  --text – String that will be drawn during fuzzing using the specified font. By default, a string of the ASCII characters in the range 20h – 7Fh.

  --noisy – Print detailed information about each fuzzing iteration.

  --fix-crcs – Fix invalid checksums in specified font file without fuzzing.
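The reason a font fuzzer needs a checksum-fixing pass: every sfnt table directory entry carries a checksum, and the 'head' table carries a checkSumAdjustment that makes the whole file sum to 0xB1B0AFBA, so a file-format loader that validates these can discard a mutated font before the table parsers under test ever see it. The following is an added example, not code from MsFontsFuzz, showing what such a pass must do according to the OpenType specification: parse the table directory, mutate one table, then recompute the per-table checksums and the 'head' adjustment. The 'head' and 'CFF ' sample tables, and all helper names, are this example's own constructions (the 'CFF ' body is filler, not a real CFF structure).

```python
"""Added example (not MsFontsFuzz code): mutate one table of an sfnt font and
re-fix the OpenType checksums, the job a --fix-crcs style pass performs."""
import struct

HEAD_MAGIC = 0xB1B0AFBA                                 # spec constant for head.checkSumAdjustment
SFNT_VERSIONS = {0x00010000, 0x4F54544F, 0x74727565}    # TrueType 1.0, 'OTTO' (CFF), 'true'


def table_checksum(data: bytes) -> int:
    """Spec algorithm: sum big-endian uint32 words after zero-padding to a 4-byte multiple."""
    padded = data + b"\0" * (-len(data) % 4)
    return sum(struct.unpack(f">{len(padded) // 4}I", padded)) & 0xFFFFFFFF


def parse_table_directory(font: bytes):
    """Return [(tag, checksum, offset, length), ...]; refuse records pointing outside the file."""
    sfnt_version, num_tables = struct.unpack_from(">IH", font, 0)
    if sfnt_version not in SFNT_VERSIONS:
        raise ValueError("not an sfnt-based font")
    records = []
    for i in range(num_tables):
        tag, csum, off, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if off + length > len(font):
            raise ValueError(f"table {tag!r} lies outside the file")
        records.append((tag, csum, off, length))
    return records


def fix_checksums(font: bytes) -> bytes:
    """Recompute all table checksums, then head.checkSumAdjustment so the file sums to HEAD_MAGIC."""
    buf, head_off = bytearray(font), None
    for i, (tag, _old, off, length) in enumerate(parse_table_directory(font)):
        if tag == b"head":
            head_off = off
            struct.pack_into(">I", buf, off + 8, 0)   # head is summed with checkSumAdjustment = 0
        struct.pack_into(">I", buf, 16 + 16 * i, table_checksum(bytes(buf[off:off + length])))
    if head_off is not None:
        adjustment = (HEAD_MAGIC - table_checksum(bytes(buf))) & 0xFFFFFFFF
        struct.pack_into(">I", buf, head_off + 8, adjustment)
    return bytes(buf)


def verify_checksums(font: bytes) -> list:
    """Tags with a wrong directory checksum, plus 'checkSumAdjustment' if the whole-file sum is off."""
    buf, bad = bytearray(font), []
    records = parse_table_directory(font)
    for tag, csum, off, length in records:
        if tag == b"head":
            struct.pack_into(">I", buf, off + 8, 0)
        if table_checksum(bytes(buf[off:off + length])) != csum:
            bad.append(tag.decode("latin-1"))
    if any(tag == b"head" for tag, *_ in records) and table_checksum(font) != HEAD_MAGIC:
        bad.append("checkSumAdjustment")
    return bad


def mutate_table(font: bytes, tag: bytes, rel_offset: int, xor_mask: int = 0xFF) -> bytes:
    """Minimal mutation step: XOR one byte inside the named table; checksums become stale."""
    buf = bytearray(font)
    for t, _csum, off, length in parse_table_directory(font):
        if t == tag:
            if not 0 <= rel_offset < length:
                raise IndexError("offset outside table")
            buf[off + rel_offset] ^= xor_mask
            return bytes(buf)
    raise KeyError(tag)


def build_font(tables: dict, sfnt_version: int = 0x4F54544F) -> bytes:
    """Lay out a minimal sfnt container (sorted directory, 4-byte aligned tables) with valid checksums."""
    tags, n = sorted(tables), len(tables)
    entry_selector = n.bit_length() - 1
    search_range = (1 << entry_selector) * 16
    header = struct.pack(">IHHHH", sfnt_version, n, search_range, entry_selector, n * 16 - search_range)
    directory, body = b"", b""
    for tag in tags:
        data = tables[tag]
        directory += struct.pack(">4sIII", tag, 0, 12 + 16 * n + len(body), len(data))
        body += data + b"\0" * (-len(data) % 4)
    return fix_checksums(header + directory + body)


# Constructed sample tables: a spec-shaped 'head' (54 bytes) and filler standing in for 'CFF '.
SAMPLE_HEAD = struct.pack(
    ">HHIIIHHqqhhhhHHhhh",
    1, 0, 0x00010000, 0, 0x5F0F3CF5,    # version 1.0, fontRevision, checkSumAdjustment (set later), magicNumber
    0x000B, 1000, 0, 0,                 # flags, unitsPerEm, created, modified
    0, -200, 1000, 800, 0, 8, 2, 0, 0,  # bbox, macStyle, lowestRecPPEM, dirHint, indexToLocFormat, glyphDataFormat
)
SAMPLE_CFF = bytes(range(1, 30))        # 29 bytes of filler, not a real CFF structure

if __name__ == "__main__":
    font = build_font({b"head": SAMPLE_HEAD, b"CFF ": SAMPLE_CFF})
    mutated = mutate_table(font, b"CFF ", 5)                       # one byte flipped inside 'CFF '
    print("after mutation:", verify_checksums(mutated))            # ['CFF ', 'checkSumAdjustment']
    print("after fix:", verify_checksums(fix_checksums(mutated)))  # []
```

The order of operations matters: the 'head' table is summed with checkSumAdjustment zeroed, the directory entries are rewritten before the whole-file sum is taken, and only then is the adjustment stored. Whether a particular Windows font loader actually rejects bad checksums is not something this example establishes; the practical point is that a mutator should keep the container consistent so that a crash or hang is attributable to the table parser being fuzzed rather than to an early sanity check. A mutated directory can also point outside the file, which is why parse_table_directory refuses such records instead of slicing past the end.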
  
  
EXAMPLE:

See Release\BrushScriptStd_Fuzzing.bat - you can run this scenario to start fuzzing with the Brush Script Std Regular font.

This fuzzer helped me find a remote (client-side) DoS 0day vulnerability in the Windows kernel: invalid decoding of the 0x0d byte in a Type 2 Charstring Format glyph sends the ATMFD.DLL code into an infinite loop.

PoC code: http://dl.dropbox.com/u/22903093/blog/CFF_Type-1_0x0d_expl/CFF_Type-1_0x0d_expl.rar

Detailed analysis (russian): http://blog.cr4.sh/2012/06/0day-windows.html


