The Aftermath of a Fuzz Run - What to Do About Those Crashes?

The Aftermath of a Fuzz Run - What to Do About Those Crashes?

Linux Foundation via YouTube Direct link

Minimize the Corpus of Crashes

18 of 25

18 of 25

Minimize the Corpus of Crashes

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

The Aftermath of a Fuzz Run - What to Do About Those Crashes?

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 NeXT, Apple, Weblogic, BEA Systems, Azul Systems
  3. 3 1 Introduce/Review Memory Corruption Bugs 2 A Post Fuzz Run Workflow 3 Real World Examples
  4. 4 Invalid Reads/Writes
  5. 5 Stack vs Heap Corruption
  6. 6 Use After Free
  7. 7 Other Memory Bugs
  8. 8 b: What is Exploitability?
  9. 9 Re-programming with input data- not code
  10. 10 Does "exploitability" matter?
  11. 11 Google Project Zero
  12. 12 Many modern exploits are bug chains
  13. 13 Surprisingly Exploitable
  14. 14 C-Ares / Chrome OS Remote Code Execution
  15. 15 Section 1c: Memory Corruption Mitigations
  16. 16 ASLR Address Space Layout Randomization
  17. 17 DEP Data Execution Prevention
  18. 18 Minimize the Corpus of Crashes
  19. 19 b: Memory Corruption Analysis Tools
  20. 20 Valgrind (memcheck)
  21. 21 Section 2c: Determine Exploitability / Find the Root Cause
  22. 22 Disable ASLR
  23. 23 Identify critical memory locations
  24. 24 PHP: Low invalid read
  25. 25 Netflix Dynomite: Invalid Write

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.