Overview
Syllabus
SPEAKER BIO
1.3. How: Fuzzing Process
1.3. How: The Input
1.3. How: The Software
1.4. Why? To automate the output analysis
Common Fuzzing: Crashes
2. Crashes: XDiFF Output - Valgrind
2. Crashes: XDiFF Output - Return Codes
2. Crashes: XDiFF Output - Hangs
What is Differential Fuzzing?
What to Execute
3.1. Different Implementations: Stdout
3.2. Different Inputs: Stdout
3.3. Different Versions: Stdout
What to Detect
4.1. Path Disclosure: XDiFF Output
4.1. Path Disclosure: PowerShell (cont'd)
4.3. Error Disclosure: XDiFF Output
4.4. Code Evaluated: XDiFF Output
4.5. Command Execution: XDiFF Output
4.6. Network Connection: XDiFF Output
4.6. Network Connection: JRuby RCE
4.7. File Read: Leak Root's Password
Taught by
Hack In The Box Security Conference