A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Practical File Format Fuzzing - Jared Allar Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)

Practical File Format Fuzzing - Jared Allar
Derbycon 2013

Description: File format fuzzing has been very fruitful at discovering exploitable vulnerabilities. Adversaries take advantage of these vulnerabilities to conduct spear-phishing attacks. This talk will cover the basics of file format fuzzing and show you how to use CERT’s fuzzing frameworks to discovery vulnerabilities in file parsers. http://www.cert.org/vuls/discovery/

Bio:Jared Allar is a vulnerability analyst within the CERT Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Jared Allar has done large-scale vulnerability coordination work for vulnerabilities that have affected hundreds of software vendors. Most notably, he has coordinated vulnerabilities discovered by HD Moore related to VxWorks and libupnp. When not coordinating vulnerabilities, he helps test and improve CERT’s fuzzing frameworks.

Back to Derbycon 2013 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast