Explore an innovative fuzzing technique called ProFuzzer in this 19-minute IEEE conference talk. Learn about on-the-fly probing that automatically recovers and understands critical input fields during the fuzzing process, enhancing zero-day vulnerability discovery. Discover how ProFuzzer intelligently adapts mutation strategies without prior knowledge of input specifications, linking related bytes and identifying field types to prune the search space. Examine the application-agnostic probe types and compare ProFuzzer's performance against popular fuzzers like AFL, AFLFast, VUzzer, Driller, and QSYM. Gain insights into ProFuzzer's impressive results, including the discovery of 42 zero-days in 10 intensively tested programs and the generation of 30 CVEs within two months.
ProFuzzer - On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery
Overview
Syllabus
ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
-
Fuzzing File Systems via Two-Dimensional Input Space Exploration
-
Program-Adaptive Mutational Fuzzing
-
Examining Zero-Shot Vulnerability Repair with Large Language Models
-
T-Fuzz - Fuzzing by Program Transformation
-
Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks
-
Zero Days, Thousands of Nights - The Life & Times of Zero-Day Vulnerabilities and Their Exploits
