Description: Fuzz testing is one of the most powerful tools in the bug hunter’s toolset. However, many fuzzing platforms require a lot of hard work to first describe a targeted format or protocol. These tools also often require a lot of resources, time, or both. American Fuzzy Lop (afl-fuzz) from Michal Zalewski (lcamtuf) overcomes these challenges with novel code instrumentation techniques combined with a highly optimized forking process. This talk steps through an entire process for using afl-fuzz and other tools like address sanitizer (ASAN) and !exploitable to identify and classify exploitable software bugs. Specific example steps for building and fuzzing AFL instrumented Ubuntu packages will allow attendees to quickly start finding 0-days in software deployed on millions of computers world-wide.
For More Information Please Visit:- https://bsidessf.com
http://www.irongeek.com/i.php?page=videos/bsidessf2016/mainlist
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.