Michio JP

Michio JP

1634022868

ParmeSan | Sanitizer-Guided Greybox Fuzzer Based on Angora

ParmeSan is a sanitizer-guided greybox fuzzer based on Angora.

Published Work

USENIX Security 2020: ParmeSan: Sanitizer-guided Greybox Fuzzing.

The paper can be found here: ParmeSan: Sanitizer-guided Greybox Fuzzing

Building ParmeSan

See the instructions for Angora.

Basically run the following scripts to install the dependencies and build ParmeSan:

build/install_rust.sh
PREFIX=/path/to/install/llvm build/install_llvm.sh
build/install_tools.sh
build/build.sh

ParmeSan also builds a tool bin/llvm-diff-parmesan, which can be used for target acquisition.

Building a target

First build your program into a bitcode file using clang (e.g., base64.bc). Then build your target in the same way, but with your selected sanitizer enabled. To get a single bitcode file for larger projects, the easiest solution is to use gllvm.

# Build the bitcode files for target acquisition
USE_FAST=1 $(pwd)/bin/angora-clang -emit-llvm -o base64.fast.bc -c base64.bc
USE_FAST=1 $(pwd)/bin/angora-clang -fsanitize=address -emit-llvm -o base64.fast.asan.bc -c base64.bc
# Build the actual binaries to be fuzzed
USE_FAST=1 $(pwd)/bin/angora-clang -o base64.fast -c base64.bc
USE_TRACK=1 $(pwd)/bin/angora-clang -o base64.track -c base64.bc

Then acquire the targets using:

bin/llvm-diff-parmesan -json base64.fast.bc base64.fast.asan.bc

This will output a file targets.json, which you provide to ParmeSan with the -c flag.

For example:

$(pwd)/bin/fuzzer -c ./targets.json -i in -o out -t ./base64.track -- ./base64.fast -d @@

Options

ParmeSan's SanOpt option can speed up the fuzzing process by dynamically switching over to a sanitized binary only once the fuzzer reaches one of the targets specified in the targets.json file.

Enable using the -s [SANITIZED_BIN] option.

Build the sanitized binary in the following way:

USE_FAST=1 $(pwd)/bin/angora-clang -fsanitize=address -o base64.asan.fast -c base64.bc

Targets input file

The targets input file consisit of a JSON file with the following format:

{
  "targets":  [1,2,3,4],
  "edges":   [[1,2], [2,3]],
  "callsite_dominators": {"1": [3,4,5]}
}

Where the targets denote the identify of the cmp instruction to target (i.e., the id assigned by the __angora_trace_cmp() calls) and edges is the overlay graph of cmp ids (i.e., which cmps are connected to each other). The edges filed can be empty, since ParmeSan will add newly discovered edges automatically, but note that the performance will be better if you provide the static CFG.

It is also possible to run ParmeSan in pure directed mode (-D option), meaning that it will only consider new seeds if the seed triggers coverage that is on a direct path to one of the specified targets. Note that this requires a somewhat complete static CFG to work (an incomplete CFG might contain no paths to the targets at all, which would mean that no new coverage will be considered at all).

ParmeSan Screenshot

How to get started

Have a look at BUILD_TARGET.md for a step-by-step tutorial on how to get started fuzzing with ParmeSan.

FAQ

  • Q: I get a warning like ==1561377==WARNING: DataFlowSanitizer: call to uninstrumented function gettext when running the (track) instrumented program.
  • A: In many cases you can ignore this, but it will lose the taint (meaning worse performance). You need to add the function to the abilist (e.g., llvm_mode/dfsan_rt/dfsan/done_abilist.txt) and add a custom DFSan wrapper (in llvm_mode/dfsan_rt/dfsan/dfsan_custom.cc). See the Angora documentation for more info.
  • Q: I get an compiler error when building the track binary.
  • A: ParmeSan/ Angora uses DFSan for dynamic data-flow analysis. In certain cases building target applications can be a bit tricky (especially in the case of C++ targets). Make sure to disable as much inline assembly as possible and make sure that you link the correct libraries/ llvm libc++. Some programs also do weird stuff like an indirect call to a vararg function. This is not supported by DFSan at the moment, so the easy solution is to patch out these calls, or do something like indirect call promotion.
  • Q: llvm-diff-parmesan generates too many targets!
  • A: You can do target pruning using the scripts in tools/ (in particular tools/prune.py) or use ASAP to generate a target bitcode file with fewer sanitizer targets.

Docker image

You can also get the pre-built docker image of ParmeSan.

docker pull vusec/parmesan
docker run --rm -it vusec/parmesan
# In the container you can build objdump
/parmesan/misc/build_objdump.sh

Download Details:
 

Author: vusec
Download Link: Download The Source Code
Official Website: https://github.com/vusec/parmesan 
License: Apache-2.0 License

 

What is GEEK

Buddha Community

Hand Sanitizer in bulk - Get your effective hand sanitizer here

With the spread of various harmful virus globally causing immense distress and fatalities to human mankind, it has become absolutely essential for people to ensure proper and acute hygiene and cleanliness is maintained. To further add to the perennial hardship to save lives of people the recent pandemic of Covid-19 affected globally created the worst nightmare for people of all walks of life. Looking at the present crisis, it has become imperative for human beings to be encouraged to tackle this challenge with an everlasting strength to help protect oneself and their loved ones against the devastating effects of the virus. One thing that stands up between keeping all safe and vulnerable is by making sure that everybody attentively Hand wash periodically to help physically remove germs from the skin and getting rid of the live microbes.

The essence of apposite handwashing is based around time invested in washing and the amount of soap and water used. Technically, washing hands without soap is much less effective anyway. But incase a proper handwashing support system doesn’t become possible around, the usage of Effective Hand Sanitizer will certainly help fight to reduce the number of microbes on the surface of hands efficiently, eliminating most variants of harmful bacteria to settle.

The need has come about for Hand Sanitizer in bulk to save your daily life aptly maintaining a minimum of 60% alcohol - as per the CDC recommendations and approved by USFDA for its greater effectiveness. With the growing demand of people on the move the demand for easy to carry, small, and travel size worthy pouches that are also refillable once the product runs out is the need of the hour. To further make sure that human lives are well protected from these external viruses, it is mandatory for producer of effective Hand Sanitizer to evolve products circumspectly with ingredients that produce not just saving lives but with multiple benefits for people of all ages.

#hand sanitizer #hand sanitizer in bulk #hand sanitizer ingredient #hand sanitizer to alcohol #hand sanitizer travel size #hand sanitizer wholesale

Michio JP

Michio JP

1634022868

ParmeSan | Sanitizer-Guided Greybox Fuzzer Based on Angora

ParmeSan is a sanitizer-guided greybox fuzzer based on Angora.

Published Work

USENIX Security 2020: ParmeSan: Sanitizer-guided Greybox Fuzzing.

The paper can be found here: ParmeSan: Sanitizer-guided Greybox Fuzzing

Building ParmeSan

See the instructions for Angora.

Basically run the following scripts to install the dependencies and build ParmeSan:

build/install_rust.sh
PREFIX=/path/to/install/llvm build/install_llvm.sh
build/install_tools.sh
build/build.sh

ParmeSan also builds a tool bin/llvm-diff-parmesan, which can be used for target acquisition.

Building a target

First build your program into a bitcode file using clang (e.g., base64.bc). Then build your target in the same way, but with your selected sanitizer enabled. To get a single bitcode file for larger projects, the easiest solution is to use gllvm.

# Build the bitcode files for target acquisition
USE_FAST=1 $(pwd)/bin/angora-clang -emit-llvm -o base64.fast.bc -c base64.bc
USE_FAST=1 $(pwd)/bin/angora-clang -fsanitize=address -emit-llvm -o base64.fast.asan.bc -c base64.bc
# Build the actual binaries to be fuzzed
USE_FAST=1 $(pwd)/bin/angora-clang -o base64.fast -c base64.bc
USE_TRACK=1 $(pwd)/bin/angora-clang -o base64.track -c base64.bc

Then acquire the targets using:

bin/llvm-diff-parmesan -json base64.fast.bc base64.fast.asan.bc

This will output a file targets.json, which you provide to ParmeSan with the -c flag.

For example:

$(pwd)/bin/fuzzer -c ./targets.json -i in -o out -t ./base64.track -- ./base64.fast -d @@

Options

ParmeSan's SanOpt option can speed up the fuzzing process by dynamically switching over to a sanitized binary only once the fuzzer reaches one of the targets specified in the targets.json file.

Enable using the -s [SANITIZED_BIN] option.

Build the sanitized binary in the following way:

USE_FAST=1 $(pwd)/bin/angora-clang -fsanitize=address -o base64.asan.fast -c base64.bc

Targets input file

The targets input file consisit of a JSON file with the following format:

{
  "targets":  [1,2,3,4],
  "edges":   [[1,2], [2,3]],
  "callsite_dominators": {"1": [3,4,5]}
}

Where the targets denote the identify of the cmp instruction to target (i.e., the id assigned by the __angora_trace_cmp() calls) and edges is the overlay graph of cmp ids (i.e., which cmps are connected to each other). The edges filed can be empty, since ParmeSan will add newly discovered edges automatically, but note that the performance will be better if you provide the static CFG.

It is also possible to run ParmeSan in pure directed mode (-D option), meaning that it will only consider new seeds if the seed triggers coverage that is on a direct path to one of the specified targets. Note that this requires a somewhat complete static CFG to work (an incomplete CFG might contain no paths to the targets at all, which would mean that no new coverage will be considered at all).

ParmeSan Screenshot

How to get started

Have a look at BUILD_TARGET.md for a step-by-step tutorial on how to get started fuzzing with ParmeSan.

FAQ

  • Q: I get a warning like ==1561377==WARNING: DataFlowSanitizer: call to uninstrumented function gettext when running the (track) instrumented program.
  • A: In many cases you can ignore this, but it will lose the taint (meaning worse performance). You need to add the function to the abilist (e.g., llvm_mode/dfsan_rt/dfsan/done_abilist.txt) and add a custom DFSan wrapper (in llvm_mode/dfsan_rt/dfsan/dfsan_custom.cc). See the Angora documentation for more info.
  • Q: I get an compiler error when building the track binary.
  • A: ParmeSan/ Angora uses DFSan for dynamic data-flow analysis. In certain cases building target applications can be a bit tricky (especially in the case of C++ targets). Make sure to disable as much inline assembly as possible and make sure that you link the correct libraries/ llvm libc++. Some programs also do weird stuff like an indirect call to a vararg function. This is not supported by DFSan at the moment, so the easy solution is to patch out these calls, or do something like indirect call promotion.
  • Q: llvm-diff-parmesan generates too many targets!
  • A: You can do target pruning using the scripts in tools/ (in particular tools/prune.py) or use ASAP to generate a target bitcode file with fewer sanitizer targets.

Docker image

You can also get the pre-built docker image of ParmeSan.

docker pull vusec/parmesan
docker run --rm -it vusec/parmesan
# In the container you can build objdump
/parmesan/misc/build_objdump.sh

Download Details:
 

Author: vusec
Download Link: Download The Source Code
Official Website: https://github.com/vusec/parmesan 
License: Apache-2.0 License

 

What is Base Protocol (BASE) | What is BASE token

Base Protocol (BASE) is a token whose price is pegged to the total market cap of all cryptocurrencies at a ratio of 1:1 trillion. BASE allows traders to speculate on the entire crypto industry with one token. The Base Protocol is built on the Ethereum blockchain, integrates a (Chainlink) oracle, and is launching on ((Uniswap)

As cryptocurrency enthusiasts, we’re sometimes divided on which digital assets to buy — bullish on certain projects and bearish on others.

But we all agree on one thing, which is that the overall cryptocurrency industry will achieve long-term growth and future adoption.

The Base Protocol makes it possible to invest with this consensus. BASE allows traders to speculate on the entire industry with one token.

Image for post

The Base Protocol is the world’s first and only tokenized cryptocurrency market tracker. By holding BASE tokens, users can get exposure to the performance of the entire cryptocurrency market. Unlike the index trackers currently operating in the traditional markets, there is no entry or exit fee or brokerage charges.

Index funds have consistently outperformed actively managed mutual funds. Until the launch of BASE, there was no real cryptocurrency market tracker that tracked the performance of the entire digital asset market. BASE will be useful for institutional investors and traders to diversify and hedge their crypto portfolios. BASE will also help new and existing retail investors to take out the guesswork and get exposed to the growth of all current and future digital assets entering the market.

The BASE token’s underlying protocol creates several additional use cases in DeFi, trading, venture capital, hedge funds and many other business sectors.

The Base Protocol mission is simple — to make it easy for everyone to benefit from the performance of the entire cryptocurrency market in a secure, decentralized and future-proof way.

Why BASE?

It’s no doubt that a crypto industry ETF would be a valuable product for investors. But it is very challenging to create such a product through traditional means, as it would be almost impossible to manage portfolio ownership of 5,000+ assets. How would the portfolio manager weigh ownership of each asset as market cap dominance changes? How would they account for newly entering/exiting assets? Who would take on all the associated transaction and custodial fees? There are also various legal limitations that restrict the formation of such an instrument in many countries — and even if it could be formed, it would be a highly centralized product.

By simply pegging price to the total market capitalization of all cryptocurrencies, the Base Protocol cuts through all of these problems. BASE gives holders the same function as a traditional industry ETF without all of the centralized challenges that make such an ETF impossible.

BASE will offer new value for investors in the cryptocurrency ecosystem through an elegantly simple protocol — so valuable and so simple that you might be asking yourself:

How has this not been done before?

The answer is that it wasn’t possible until recently. This project couldn’t be achieved without a robust decentralized blockchain, proven oracle integrations, and new developments in the DeFi space. We founded the Base Protocol to build on these innovations and create BASE; one tokenized asset that represents speculation on all cryptocurrencies.

Vision

We’ve seen that there are many individuals who want to invest in cryptocurrencies, but don’t necessarily understand how they work. While the overview for each different crypto asset can be difficult to understand for a new user, the pitch for BASE is simple: it’s the way to invest in all of those crypto assets simultaneously. In this way, the Base Protocol can become an instrumental force in driving new adoption in the blockchain space.

We’ve also noticed that institutional investors have been introducing cryptocurrency investments to their portfolios. These institutions typically invest at a high level with great diversification covering multiple industries. Their cryptocurrency holdings are usually composed of just Bitcoin, or some handful mix of “blue chip” digital assets. By holding BASE, these institutions will gain exposure to the entire cryptocurrency industry — an objectively more diversified alternative.

In the same way that Bitcoin is the household name of cryptocurrencies, the Base Protocol aims to become the household name for general cryptocurrency investing. BASE’s vision is to become the primary channel of investment for new/existing cryptocurrency traders and institutional investors.

Would you like to earn token right now! ☞ CLICK HERE

Looking for more information…

☞ Website
☞ Explorer
☞ Source Code
☞ Social Channel
Message Board
☞ Coinmarketcap

Create an Account and Trade NOW

Bittrex
Poloniex
Binance

Thank for visiting and reading this article! I’m highly appreciate your actions! Please share if you liked it!

#blockchain #bitcoin #crypto #base protocol #base

Gps Location Based App Development

In the search for trends, more and more geo-dependent mobile applications have been appearing on the market. Some of them cannot work without locating the user, while others are taking advantage of the geolocation feature to make their services more accessible. Navigators, guides, social networks with geotagged photos, fitness applications with route tracking belong to so-called Location-Based Services.

DataIT Solutions development expertise helps you get the most accurate GPS location-based solutions with highly-reliable GPS tracking modules including driving estimations, dynamic condition filtering, yielding the best consumer experience.

Location-Based App Development Helps In:

  • Identifying the position of a person or an object
  • Measurement of distance between two objects
  • Building optimum routes from one point to another

A location-based app needs an interactive UI along with strong backend server functionalities such as:

  • GPS coordinates of the location
  • Receiving the current location of the user
  • Serving the nearby locations
  • Directions for driving or walking
  • Map integration

We build innovative mobile apps that are instantly deployable for navigation & search, weather, field services, asset-tracking, proximity-based marketing, geofencing services, and more. Our beacon-compatible mobile applications deliver engaging UX for indoor-outdoor locations while enhancing existing business processes, productivity, and revenues.

Location-based apps are a great mobile development segment. It is still possible to come up with an innovative idea and become a giant in this enterprise.

Hire a Dedicated Development Team to develop your location-based apps and set your business apart from your competition.

#gps location based app development #app development #location based app development #gps location-based solutions #location-based app development #mobile-apps

Murray  Beatty

Murray Beatty

1596344940

Help Your Data Science Career By Publishing Your Work!

This guide aims to cover everything that a data science learner may need to write and publish articles on the internet. It covers why you should write, writing advice for new writers, and a list of places that invite contributions from new writers.

Let’s get to it!

Why you should write:

Writing isn’t just for “writers”. The art of writing well is for everyone to learn - programmers, marketers, managers and leaders, alike. And yes, data scientists and analysts too!

You should write articles because when you do:

You learn:

Writing teaches you the art of writing. It’s kind of circular but it’s true.

Make no mistake, the art of writing isn’t about grammar (although, that’s important) and flowery language (definitely not important). It’s about conveying your thoughts with clarity in simple language.

And learning this art is important even if you absolutely know that you don’t want to write blogs/articles for a living. It’s important because all the jobs have some form of writing involved - messages, emails, memos and the whole spectrum. So basically, writing is a medium for almost any job you can have.

Apart from that, when you write you learn the things that you thought you knew but didn’t really know. So, writing is an opportunity to learn better.

#data science career tips #guide #guides #publishing work #writing guide