Fuzzing Obstacles
技能 活跃Techniques for patching code to overcome fuzzing obstacles. Use when checksums, global state, or other barriers block fuzzer progress.
To provide developers and security researchers with practical methods to patch their code for more effective fuzzing by overcoming obstacles that block coverage.
功能
- Techniques for bypassing checksums and hash verification
- Methods for handling global state and non-deterministic PRNGs
- Conditional compilation examples for C/C++ and Rust
- Guidance on identifying and assessing fuzzing obstacles
- Tips for measuring patch effectiveness and reducing false positives
使用场景
- When a fuzzer gets stuck on checksums or complex validation.
- To improve code coverage by enabling exploration of previously unreachable paths.
- When non-deterministic behavior due to global state hinders reproducible fuzzing.
- To make fuzzing more efficient by overcoming input generation barriers.
非目标
- Providing a fully automated patching solution.
- Guaranteeing that all patches eliminate false positives.
- Replacing the need for a good seed corpus or dictionaries.
- Fuzzing code that is already inherently fuzz-friendly.
Trust
- warning:Issues Attention13 issues opened and 4 closed in the last 90 days indicate a low closure rate and slow maintenance engagement.
安装
请先添加 Marketplace
/plugin marketplace add trailofbits/skills/plugin install testing-handbook-skills@trailofbits质量评分
类似扩展
Senior Backend Engineer
100Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.
Secrets Management
100Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
Semgrep Rule Creator
100Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Safe Mode
100Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.
Prompt Guard
100Meta's 86M prompt injection and jailbreak detector. Filters malicious prompts and third-party data for LLM apps. 99%+ TPR, <1% FPR. Fast (<2ms GPU). Multilingual (8 languages). Deploy with HuggingFace or batch processing for RAG security.
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support