Explore fuzzing techniques for binary protocols in this conference talk from nullcon Goa 2014. Learn about Zulu, a GUI-based intuitive fuzzer developed to simplify the process of capturing, mutating, and replaying both ASCII and binary protocols. Discover the tool's motivations, basic functionalities, and its successful application in uncovering high-profile bugs. Gain insights into configuring proxies, selecting fuzz points and mutators, and various fuzzing processes for network, USB, and serial protocols. Understand how to use Wireshark captures, import PCAPs, and leverage ZuluScript for advanced fuzzing operations. Explore real-world examples of bugs discovered using Zulu and learn how to access this open-source tool on Github.
Overview
Syllabus
Intro
What is Zulu?
Motivations behind the tool
Zulu basics - the GUI
Zulu basics – typical data
Zulu basics – the console
File structure
Configure the proxy
Use the standard network clien
Select some fuzz points
Select mutators
Select output method
Start fuzzing
Instrumentation and triage
Wireshark captures
Importing a PCAP
Select input file
Fuzz process + debugging
Graphic USB
Import generator script
Select USB fuzzer
Fuzzer running
Serial settings
Serial data capture
Serial fuzzing
Point to Wireshark binary
Auto-load Wireshark
Select file fuzzer + fuzz process
Adding a length field
Select email settings
Using ZuluScript
Access to data
Bugs that Zulu has found
Zulu is available on Github
Taught by
nullcon
