Mayhem Blog

ForAllSecure Researcher, Mark Griffin, introduces viewers to automated coverage analysis, a workflow that helps users gain additional value from fuzzing.

ForAllSecure Researcher, Guido Vranken walks readers through his workflow for uncovering for OpenWRT remote code execution vulnerability.

Richard Bae, Director of Federal Solutions at ForAllSecure, shares the top 3 trends he and his team observed at ShmooCon 2020.

Dr. David Brumley, ForAllSecure CEO, demystifies a proven DevSecOps technique known as continuous fuzzing, and further details on how organizations can get started.

ForAllSecure Engineer Maxwell Koo walks readers through a technical case study on fuzzing open source libraries using FreeImage as an example.

ForAllSecure interns, Paul Emge and Zion Basque, uncover four vulnerabilities in Das U-Boot, a common bootloader on embedded devices, including Amazon Kindles, ARM Chromebooks, networking hardware, and more.

David Brumley, CEO of ForAllSecure, reflects on the current vulnerability disclosure process and assesses what must change in order to accommodate the rapid speed and scale at which new vulnerabilities are being discovered.

Mel Llaguno, ForAllSecure's Commercial Solutions Lead, introduces readers to a next-generation fuzz testing technique that combines two proven and accepted Application Security Testing techniques: guided fuzzing and symbolic execution.

Maxwell Koo, ForAllSecure Engineer, documents how he uncovered 8 previously unknown vulnerabilities after analyzing two open source libraries -- Matio and stb_vorbis -- utilizing Mayhem, a next-generation fuzzer.