Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

ClusterFuzz - Fuzzing at Google Scale

Black Hat via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the world's largest publicly known fuzzing infrastructure in this Black Hat conference talk. Discover how Google overcame challenges to operate a system running over 25,000 cores and 2,500 targets, uncovering more than 8,000 security vulnerabilities across Google products and 200 open source projects. Learn about ClusterFuzz's history, debunk fuzzing myths, and understand the ideal fuzzing workflow. Dive into blackbox fuzzing techniques, AFL fuzzer examples, and strategies for educating developers. Examine the build pipeline, optimization methods, and the intricacies of fuzzing bots and targets. Gain insights into corpus management, search strategies, deduplication processes, and continuous version analysis. Explore crash reporting, prioritization, and verification techniques. Investigate applications in Chrome and OSS security, and ponder future developments in fuzzing technology. Engage with key takeaways and participate in a Q&A session covering concurrency issues, bugs, corpus sharing, and the biggest challenges faced in creating a simple yet powerful fuzzing infrastructure.

Syllabus

Introduction
History
Fuzzing Myths
How to Scale
Ideal Fuzzing Workflow
ClusterFuzz Overview
What to Fuzz
Blackbox Fuzzing
Chrome Blackbox Fuzzing
AFL
Fuzzer
Example
Educating Developers
Build Pipeline
Optimization
Fuzzy Machines
Fuzzing BOTS
Fuzzing Targets
Corpus
Search
Strategy Selection
Deduplication
Deduplication example
Grouping
Minimize
Continuous Version
Variant Analysis
Unique Crashes
Examples
Test Case Report
Prioritization
Verification
External Reports
Reporters
Execution Speed
Crash Statistics
Code Coverage
More Applications
Chrome
OSS Security
Whats next
Key takeaways
Questions
concurrency issues
bugs
Corpus Sharing
Other Questions
Mutator
Hybrid Fighting
Future Plans
Corrupted Stack
Address Sanitizer
The biggest challenge
How we made it simple

Taught by

Black Hat

Reviews

Start your review of ClusterFuzz - Fuzzing at Google Scale

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.