Merge pull request #78 from trailofbits/snapshot-fuzzing-summary

elopez · web-flow · commit e71b48c61b5e · 2025-04-08T19:23:49.000+02:00
Add summary to snapshot fuzzing section
diff --git a/.lycheeignore b/.lycheeignore
@@ -0,0 +1,3 @@
+https://t.co/*
+https://dl.acm.org/doi/pdf/*
+https://www.gnu.org/*
diff --git a/content/docs/crypto/constant_time_tool/_index.md b/content/docs/crypto/constant_time_tool/_index.md
@@ -25,7 +25,7 @@ The second section focuses on different [tools](#constant-time-tooling) practiti
 
 ## Background
 
-Timing attacks on cryptographic implementations were introduced by [Kocher](https://paulkocher.com/doc/TimingAttacks.pdf) in 1996\. Over the years, various researchers have expanded on these attacks. Notably, [Schindler](https://www.torsten-schuetze.de/sommerakademie2009/papers-sekundaer/Schindler\_Timing\_2000.pdf) demonstrated attacks on RSA implementations, which used a specific optimization improvement, and in 2005, Brumley and Boneh published [Remote Timing Attacks are Practical](https://crypto.stanford.edu/\~dabo/papers/ssl-timing.pdf), successfully extracting secret keys from OpenSSL. Also, symmetric ciphers like AES can be vulnerable to timing attacks, as shown in [Cache-timing attacks on AES](https://cr.yp.to/antiforgery/cachetiming-20050414.pdf).  
+Timing attacks on cryptographic implementations were introduced by [Kocher](https://paulkocher.com/doc/TimingAttacks.pdf) in 1996\. Over the years, various researchers have expanded on these attacks. Notably, [Schindler](https://link.springer.com/content/pdf/10.1007/3-540-44499-8_8.pdf) demonstrated attacks on RSA implementations, which used a specific optimization improvement, and in 2005, Brumley and Boneh published [Remote Timing Attacks are Practical](https://crypto.stanford.edu/\~dabo/papers/ssl-timing.pdf), successfully extracting secret keys from OpenSSL. Also, symmetric ciphers like AES can be vulnerable to timing attacks, as shown in [Cache-timing attacks on AES](https://cr.yp.to/antiforgery/cachetiming-20050414.pdf).  
 More recently, the post-quantum algorithm Kyber was found to have timing vulnerabilities in its official implementation, dubbed [KyberSlash](https://eprint.iacr.org/2024/1049.pdf). The [CWE-385](https://cwe.mitre.org/data/definitions/385.html) catalog tracks timing vulnerabilities found in implementations.  
 
 Generally, to exploit a timing attack, two key prerequisites must be met:
diff --git a/content/docs/fuzzing/5-snapshot.md b/content/docs/fuzzing/5-snapshot.md
@@ -1,6 +1,7 @@
 ---
 title: "Snapshot Fuzzing"
 slug: snapshot-fuzzing
+summary: "Snapshot fuzzing enables security engineers to effectively test software that is traditionally difficult to analyze, such as kernel-level software (though the technique is not limited to such software). Whether you're auditing drivers or other kernel-mode components, including antivirus software, snapshot fuzzing provides a robust way to discover critical vulnerabilities. Consult this section for a walkthrough on how to conduct snapshot fuzzing on your system."
 weight: 6
 url: docs/fuzzing/snapshot-fuzzing
 ---
diff --git a/content/docs/web/burp/tips/_index.md b/content/docs/web/burp/tips/_index.md
@@ -335,7 +335,7 @@ The Hackvertor extension allows you to configure your own tags based on Python o
 See this example usage:
 <!-- markdownlint-disable no-inline-html line-length -->
 {{< rawHtml "" >}}
-<center><blockquote class="twitter-tweet"><p lang="en" dir="ltr">If you&#39;re testing a site that needs a unique CSRF-token for each call, you can use Hackvertor&#39;s custom tags to make a simple python script to fetch a new token for you. Very simple solution and works very nicely. Thank you again <a href="https://twitter.com/garethheyes?ref_src=twsrc%5Etfw">@garethheyes</a>!<a href="https://t.co/nd2cxTPQiL">https://t.co/nd2cxTPQiL</a> <a href="https://t.co/Vlp1Anxeqk">pic.twitter.com/Vlp1Anxeqk</a></p>&mdash; Frans Rosén (@fransrosen) <a href="https://twitter.com/fransrosen/status/1361594153268871168?ref_src=twsrc%5Etfw">February 16, 2021</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script></center>
+<center><blockquote class="twitter-tweet" data-dnt="true"><p lang="en" dir="ltr">If you&#39;re testing a site that needs a unique CSRF-token for each call, you can use Hackvertor&#39;s custom tags to make a simple python script to fetch a new token for you. Very simple solution and works very nicely. Thank you again <a href="https://twitter.com/garethheyes?ref_src=twsrc%5Etfw">@garethheyes</a>!<a href="https://t.co/nd2cxTPQiL">https://t.co/nd2cxTPQiL</a> <a href="https://t.co/Vlp1Anxeqk">pic.twitter.com/Vlp1Anxeqk</a></p>&mdash; Frans Rosén (@fransrosen) <a href="https://twitter.com/fransrosen/status/1361594153268871168?ref_src=twsrc%5Etfw">February 16, 2021</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script></center>
 {{< /rawHtml >}}
 <!-- markdownlint-restore -->
 Also see the official Hackvertor tag store:

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+https://t.co/*`
	`2`	`+https://dl.acm.org/doi/pdf/*`
	`3`	`+https://www.gnu.org/*`