»Finding security vulnerabilities with modern fuzzing techniques«
2018-10-16, 13:30–17:30, Vianden - Wiltz
In this talk the attendees learn how to use feedback-based fuzzers like AFL, LibFuzzer and WinAFL.
Fuzzing is a very powerful technique to detect flaws and vulnerabilities in software. The aim of this hands-on workshop is to demonstrate different techniques to fuzz applications or libraries. Choosing the correct and most effective fuzzing technique will be discussed with real-world examples. Moreover, hints according common problems and pitfalls during fuzzing will be given. After discussing the theories behind modern fuzzing techniques we look at famouse fuzzers and how they can be used to find real-world vulnerabilities. In the second part important areas which influent the fuzzing results are covered. Moreover, we discuss differences between fuzzing open-source and closed-source applications and useful reverse engineering techniques which assist the fuzzing process.