Skip to main content

Fuzzing Obstacles

Skill Active
Part of:Testing Handbook Skills

Techniques for patching code to overcome fuzzing obstacles. Use when checksums, global state, or other barriers block fuzzer progress.

Purpose

To provide developers and security researchers with practical methods to patch their code for more effective fuzzing by overcoming obstacles that block coverage.

Features

  • Techniques for bypassing checksums and hash verification
  • Methods for handling global state and non-deterministic PRNGs
  • Conditional compilation examples for C/C++ and Rust
  • Guidance on identifying and assessing fuzzing obstacles
  • Tips for measuring patch effectiveness and reducing false positives

Use Cases

  • When a fuzzer gets stuck on checksums or complex validation.
  • To improve code coverage by enabling exploration of previously unreachable paths.
  • When non-deterministic behavior due to global state hinders reproducible fuzzing.
  • To make fuzzing more efficient by overcoming input generation barriers.

Non-Goals

  • Providing a fully automated patching solution.
  • Guaranteeing that all patches eliminate false positives.
  • Replacing the need for a good seed corpus or dictionaries.
  • Fuzzing code that is already inherently fuzz-friendly.

Trust

  • warning:Issues Attention13 issues opened and 4 closed in the last 90 days indicate a low closure rate and slow maintenance engagement.

Installation

First, add the marketplace

/plugin marketplace add trailofbits/skills
/plugin install testing-handbook-skills@trailofbits

Quality Score

88 /100
Analyzed about 13 hours ago

Trust Signals

Last commit3 days ago
GitHub owner trailofbits (opens in new tab)
Stars5.2k
LicenseCC-BY-SA-4.0
Status
View Source

Similar Extensions

Senior Backend Engineer

100

Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.

Skill
alirezarezvani

Secrets Management

100

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

Skill
wshobson

Semgrep Rule Creator

100

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

Skill
trailofbits

Safe Mode

100

Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.

Skill
rohitg00

Prompt Guard

100

Meta's 86M prompt injection and jailbreak detector. Filters malicious prompts and third-party data for LLM apps. 99%+ TPR, <1% FPR. Fast (<2ms GPU). Multilingual (8 languages). Deploy with HuggingFace or batch processing for RAG security.

Skill
Orchestra-Research

Soul Guardian

100

Drift detection + baseline integrity guard for agent workspace files with automatic alerting support

Skill
prompt-security

© 2025 SkillRepo · Find the right skill, skip the noise.