BIZ-COMMSEC: Fuzzer Development for Mere Mortals


Fuzzing is the favorite technique of bug hunters for finding vulnerabilities. Though there are tools available like AFL, Sulley, Spike etc., which helps you do generic fuzzing or specialized fuzzing. Most often, you either has to modify existing fuzzer or end up creating your own. In this presentation, we will go through process of creating a file format fuzzer using python and its libraries. We will go through following steps of creating a fuzzer.

1.    Introduction to fuzzing and types of fuzzers.
2.    Design Concepts of a fuzzer.
3.    Design goals of your fuzzer.
4.    Available tools and fuzzers.
5.    Attaching a program to debugger programmatically.
6.    Monitoring the application for crashes.
7.    Logging and triaging the crashes for root cause analysis.
8.    Scaling the fuzzer.

By the end of this presentation you will be able to create a fuzzer for your fuzzing needs or contribute to an existing fuzzer like sulley etc.,

Location: InterContinental Date: August 25, 2016 Time: 4:30 pm - 5:30 pm Mohd. A. Imran