Mayhem Blog

ForAllSecure Researcher, Guido Vranken walks readers through his workflow for uncovering for OpenWRT remote code execution vulnerability.

Richard Bae, Director of Federal Solutions at ForAllSecure, shares the top 3 trends he and his team observed at ShmooCon 2020.

Dr. David Brumley, ForAllSecure CEO, demystifies a proven DevSecOps technique known as continuous fuzzing, and further details on how organizations can get started.

ForAllSecure Engineer Maxwell Koo walks readers through a technical case study on fuzzing open source libraries using FreeImage as an example.

ForAllSecure interns, Paul Emge and Zion Basque, uncover four vulnerabilities in Das U-Boot, a common bootloader on embedded devices, including Amazon Kindles, ARM Chromebooks, networking hardware, and more.

David Brumley, CEO of ForAllSecure, reflects on the current vulnerability disclosure process and assesses what must change in order to accommodate the rapid speed and scale at which new vulnerabilities are being discovered.

Mel Llaguno, ForAllSecure's Commercial Solutions Lead, introduces readers to a next-generation fuzz testing technique that combines two proven and accepted Application Security Testing techniques: guided fuzzing and symbolic execution.

Maxwell Koo, ForAllSecure Engineer, documents how he uncovered 8 previously unknown vulnerabilities after analyzing two open source libraries -- Matio and stb_vorbis -- utilizing Mayhem, a next-generation fuzzer.

Paul Roberts, editor-in-chief at Security Ledger, sits down with David Brumley, CEO of ForAllSecure and Computer Science Professor at CMU, to discuss the potential of AI, machine learning, and automation in application security. They discuss what's possible today and may be possible in the future.