In the intro to fuzzing we will discuss and understand all the parts of a successful fuzzing campaign and why it is needed, look at various fuzzers, and set up the environment.
We will then move on to AFL, starting with installation. We will also take a quick look at AFL's key status-screen components: process timing, stages, findings, yields, path geometry and stability. We have created several vulnerable binaries with which we will demonstrate overflows using AFL and analyze the targets, crashes and hangs that AFL generates.
After that we will move on to smart fuzzing, where we will integrate ASAN with AFL; before that we will give a brief overview of ASAN and MSAN and how they are used to detect runtime memory bugs in a binary compiled with the sanitizer instrumentation.
At the end we will give students small exercises to get hands-on with what they have learned so far and to clear up their doubts. We will wrap up the workshop by discussing how they can leverage this knowledge in bug bounty programs, and by showcasing multiple bugs we found during our research.
Dhiraj Mishra Senior Security Consultant, Cognosec DMCC
An active speaker who has discovered multiple zero-days in modern web browsers and an open-source contributor. He is a trainer at Black Hat and has presented at conferences such as Ekoparty, Hacktivity, PHDays and HITB. In his free time he blogs at www.inputzero.io and tweets as @RandomDhiraj.