Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Exposing Hidden Exploitable Behaviors Using EDF

Hack In The Box Security Conference via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore advanced techniques for exposing hidden exploitable behaviors in programming languages using Differential Fuzzing. Learn about the technical aspects of analyzing unexpected behaviors in interpreters, including methods to detect over 20 different types of issues beyond crashes. Discover practical examples of identifying undocumented functions allowing OS command execution, sensitive file content exposure in error messages, unexpected native code interpretation, and potential vulnerabilities in constant naming. Gain insights into the capabilities of differential fuzzing, with a focus on JavaScript, Perl, PHP, Python, and Ruby. Includes a special release of the fuzzer and covers topics such as fuzzing processes, input analysis, software examination, and automated output analysis techniques.

Syllabus

SPEAKER BIO
1.3. How: Fuzzing Process
1.3. How: The Input
1.3. How: The Software
1.4. Why? To automatize the output analysis
Common Fuzzing: Crashes
2. Crashes: XDIFF Output - Valgrind
2. Crashes: XDIFF Output - Return Codes
2. Crashes: XDIFF Output - Hangs
What is Differential Fuzzing?
What to Execute
3.1. Different Implementations: Stdout
3.2. Different Inputs: Stdout
3.3. Different Versions: Stdout
What to Detect
4.1. Path Disclosure: XDIFF Output
4.1. Path Disclosure: Powershell (cont'd)
4.3. Error Disclosure: XDiFF Output
4.4. Code Evaluated: XDIFF Output
4.5. Command Execution: XDIFF Output
4.6. Network Connection: XDiFF Output
4.6. Network Connection: JRuby RCE
4.7. File Read: Leak Root's Password

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Exposing Hidden Exploitable Behaviors Using EDF

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.