Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

A New Fuzzing Method for Android

Hack In The Box Security Conference via YouTube

Overview

Explore a groundbreaking fuzzing method for Android security in this 20-minute conference talk from the Hack In The Box Security Conference. Discover how to uncover vulnerabilities through quantitative and qualitative changes, leveraging function point combinations to comprehensively explore state spaces. Learn about the speakers' success in identifying approximately twenty 0-day vulnerabilities on smartOS and other phones, as well as their first-place win in the Smartisan vulnerability digging competition. Gain insights into the application of this method on OEM devices like Samsung, Huawei, and Smartisan OS, resulting in the discovery of over 50 bugs and vulnerabilities. Understand the core ideas behind this innovative approach, including quantitative changes for single and multiple function points, with practical examples using clipboard fuzzing. Witness a demonstration of the method's effectiveness and draw inspiration for identifying previously undiscovered vulnerabilities in Android systems.

Syllabus

Intro
Self Introduction
Harder and harder to find a Vulnerability?
Fuzzing tools
A New Fuzzing Perspective
Core Ideas
Quantitative Change for Single Function Point
But how do we find this ...
An example: fuzzing Clipboard
Quantitative Change for Multiple Function Points
Another Example: Clipboard Again
Understand this method
Demonstration

Taught by

Hack In The Box Security Conference

Reviews

Start your review of A New Fuzzing Method for Android

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.