Overview
Explore an innovative fuzzing technique called ProFuzzer in this 19-minute IEEE conference talk. Learn about on-the-fly probing, which automatically recovers and understands critical input fields during the fuzzing process to improve zero-day vulnerability discovery. Discover how ProFuzzer adapts its mutation strategies without prior knowledge of the input specification, linking related bytes and identifying field types so that the search space can be pruned. Examine the application-agnostic probe types and compare ProFuzzer's performance against popular fuzzers such as AFL, AFLFast, VUzzer, Driller, and QSYM. Gain insights into ProFuzzer's results, including the discovery of 42 zero-days in 10 intensively tested programs and 30 CVEs assigned within two months.
Syllabus
ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery
Taught by
IEEE Symposium on Security and Privacy