Explore the intriguing world of malware vulnerabilities in this 28-minute conference talk from BSidesSF 2019. Delve into the potential of using coverage-guided fuzzing to automatically detect bugs in malicious software, including sophisticated samples like the Mirai botnet and various banking trojans. Learn how exploiting these vulnerabilities could potentially stop or slow down malware spreading, defend against DDoS attacks, and even take control over command and control servers and botnets. Discover a new cross-platform tool called netAFL, built on top of WinAFL, and witness demonstrations of 0day vulnerability exploits. Gain insights into how small modifications to HTTP responses can thwart large-scale DDoS attacks and how clever bitflipping techniques can lead to remote code execution in complex banking trojans.
Overview
Syllabus
BSidesSF 2019 - Fuzzing Malware for Fun & Profit (Maksim Shudrak)
Taught by
Security BSides San Francisco
Related Courses
-
Fuzzing the Stack for Fun and Profit
-
Fuzzing and Exploiting Virtual Channels in Microsoft Remote Desktop Protocol for Fun and Profit
-
Fuzzing Javascript Engines for Fun and Pwnage
-
Fuzzing Ruby and C Extensions
-
Case Study in Using Bad Malware Design Against Attackers
-
A Deep Dive into Go Malware - Using Metadata to Empower the Analyst
