Description: Nowadays fuzzing is a pretty common technique used both by attackers and software developers. Currently known techniques usually involve knowing the protocol/format that needs to be fuzzed and having a basic understanding of how the user input is processed inside the binary. In the past since fuzzing was little-used obtaining good results with a small amount of effort was possible. Today finding bugs requires digging a lot inside the code and the user-input as common vulnerabilies are already identified and fixed by developers. This talk will present an idea on how to effectively fuzz with no knowledge of the user-input and the binary. Specifically the talk will demonstrate how techniques like code coverage, data tainting and in-memory fuzzing allow to build a smart fuzzer with no need to instrument it.
Tags: securitytube , Confidence , hacking , hackers , information security , convention , computer security , Confidence 10 , Confidence-2010 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.