Using Next Generation Fuzzing Tools: Fixing Bugs and Writing Memory Corruption Exploits - Dr. Jared DeMott & John Stigerwalt GrrCON 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Using Next Generation Fuzzing Tools: Fixing Bugs and Writing Memory Corruption Exploits
Dr. Jared DeMott & John Stigerwalt
GrrCON 2019

The process of fuzzing has changed, from mutation, to frameworks, to the constraint solving (CS) and genetic algorithms (GA) of today. While pre-written suites and custom one-offs can be great, GAs (AFL/Clusterfuzz) and CS (Sage/MSRD) often do the best - and we'll drop serious vulns in this talk to prove it. These tools are paired best with scale - fuzzing-as-a-service (FaaS). It's time to expose your code before attackers do. But it's still not a perfectly simple endeavor. We will explain harnesses; how to pick seeds; which portions of the app to target, CI/CD, and much more. We'll look at an exciting, new DAST tool: microsoftsecurityriskdetection.com. From there we'll teach you how to turn the bugs into fixes, or exploits. Excitingly, you'll learn how to write 0day from results.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast