Overview
Explore the intriguing world of malware vulnerabilities in this 28-minute conference talk from BSidesSF 2019. Delve into the potential of using coverage-guided fuzzing to automatically detect bugs in malicious software, including sophisticated samples like the Mirai botnet and various banking trojans. Learn how exploiting these vulnerabilities could potentially stop or slow down malware spreading, defend against DDoS attacks, and even take control over command and control servers and botnets. Discover a new cross-platform tool called netAFL, built on top of WinAFL, and witness demonstrations of 0day vulnerability exploits. Gain insights into how small modifications to HTTP responses can thwart large-scale DDoS attacks and how clever bitflipping techniques can lead to remote code execution in complex banking trojans.
Syllabus
BSidesSF 2019 - Fuzzing Malware for Fun & Profit (Maksim Shudrak)
Taught by
Security BSides San Francisco