Overview
Explore the fundamentals of fuzzing in this 45-minute conference talk from BSides Tampa 2017. Dive into the world of software testing as Brian Beaudry explains what fuzzing is, its importance for both hackers and developers, and its effectiveness in identifying vulnerabilities. Learn about different fuzzing techniques, including native vs. managed code fuzzing, and discover popular open-source tools like AFL. Gain insights into creating Python-based fuzzers and mutational fuzzers, and understand how to detect memory errors using various techniques. Explore debugging and triaging processes, and discover advanced concepts like in-memory fuzzing and snapshot fuzzing. By the end of this talk, acquire practical knowledge to implement fuzzing techniques for more robust software security testing.
Syllabus
Introduction
What is fuzzing
Hackers and developers
Blessing
Effective
Native vs Managed
Example
OSS-Fuzz
AFL
Fuzzers
Python Fuzzer
Mutational Fuzzer
Memory Errors
GFlags
The Fuzzer
The Registers
Debugging
Triage
Fuzzboard
MiniFuzz
How effective is fuzzing
Do any better
The mess paint
Setting a breakpoint
Big stack trick
Dynamic matching
Calling exits
Can we do better
In-memory fuzz
Snapshot fuzz
Local