Overview
Explore advanced guided fuzzing techniques for vulnerability discovery in this conference talk from the Hack In The Box Security Conference. Delve into the evolution of fuzzing technology, examining sample-based mutation, model-based generation, and newer guided approaches. Learn about dynamic analysis methods including code coverage analysis, constraint solving, and sampling/profiling feedback mechanisms. Discover novel contributions such as an open-source Windows Driver for Intel Processor Trace, a DBI-based tracing engine for multiple operating systems, and American Fuzzy Lop with full Windows binary target support. Gain insights from Richard Johnson, a computer security specialist with 15 years of experience, as he discusses tracing engines, evolutionary testing, and various fuzzing systems. Examine the applications of guided fuzzing, CPU event monitoring, and interrupt programming in vulnerability analysis and software security.
Syllabus
Introduction
Applications
Tracing Engines
Evolutionary Testing
Sidewinder
Evolutionary Fuzzing System
American Fuzzy Lop
honggfuzz
Choronzon
Honorable mentions
Guided Fuzzing
Valgrind
DynamoRIO
Dyninst
Tuning Binary Translation
CPU Event Monitoring
Interrupt Programming
Branch Trace Store
Intel Processor Trace
Taught by
Hack In The Box Security Conference