Description: File format fuzzing has been very fruitful at discovering exploitable vulnerabilities. Adversaries take advantage of these vulnerabilities to conduct spear-phishing attacks. This talk will cover the basics of file format fuzzing and show you how to use CERT’s fuzzing frameworks to discovery vulnerabilities in file parsers. http://www.cert.org/vuls/discovery/
Bio:Jared Allar is a vulnerability analyst within the CERT Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Jared Allar has done large-scale vulnerability coordination work for vulnerabilities that have affected hundreds of software vendors. Most notably, he has coordinated vulnerabilities discovered by HD Moore related to VxWorks and libupnp. When not coordinating vulnerabilities, he helps test and improve CERT’s fuzzing frameworks.
For More Information please visit : - http://www.derbycon.com
http://www.irongeek.com/i.php?page=videos/derbycon3/mainlist
Tags: securitytube , hacking , hackers , information security , convention , computer security , derbycon-2013 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.