Explore the fundamentals of fuzzing and advanced techniques in this BSidesSF 2016 conference talk. Dive into topics such as afl (American Fuzzy Lop), parallel fuzzing, LLVM fuzzing, deferred instrumentation, and persistent mode. Learn about fuzz dictionaries, checksums, target selection, and crash assessment. Discover how to leverage sanitizers and Valgrind for more effective fuzzing. Examine real-world examples including Shellshock, Heartbleed, and Cancelar Bypass. Gain insights into smarter fuzzing strategies to enhance your security testing capabilities.
Overview
Syllabus
Introduction
What is fuzzing
Afl
Parallel Fuzzing
LLVM Fuzzing
Deferred Instrumentation
Persistent Mode
Fuzz Dictionary
Checksums
Targets
Crash Assessment
Afl Big C
Sanitizers
Valgrind
shellshock
Heartbleed
Cancelar Bypass
Questions