Finding security vulnerabilities with modern fuzzing techniques

Presented at BruCON 0x0A (2018), Oct. 4, 2018, 1:30 p.m. (240 minutes).

Fuzzing is a very powerful technique for detecting flaws and vulnerabilities in software. The aim of this hands-on workshop is to demonstrate different techniques that can be used to fuzz applications or libraries. Choosing the correct and most effective fuzzing technique is discussed with real-world examples, and hints on common problems and pitfalls encountered during fuzzing are given. After discussing the theory behind modern fuzzing techniques, we look at well-known fuzzers and how they can be used to find real-world vulnerabilities. The second part covers the important factors that influence fuzzing results. We also discuss the differences between fuzzing open-source and closed-source applications, and useful reverse engineering techniques that assist the fuzzing process.


Presenters:

  • René Freingruber - SEC Consult
    René Freingruber has been working as a professional security consultant for SEC Consult for several years. He conducts research in the fields of malware analysis, reverse engineering, fuzzing and exploit development. For his bachelor thesis he studied modern mitigation techniques and how they can be bypassed by attackers. In the course of that research he came across Microsoft's Enhanced Mitigation Experience Toolkit (EMET) and gave various talks on bypassing EMET in 2014 at conferences such as RuxCon, ToorCon, ZeroNights, DeepSec, 31C3 and NorthSec. In 2015 he presented talks on bypassing application whitelisting at CanSecWest, DeepSec, IT-SeCX, BSides Vienna, QuBit, NorthSec and Hacktivity. In 2016 he presented the topic of hacking companies via memory corruptions in firewalls at DeepSec, BSides Vienna, DSS ITSEC and IT-SeCX (lightning talks at Hack.lu and Recon Europe). Since 2017 he has worked full time as a researcher in the field of fuzzing and has given talks on that subject at DefCamp, Heise devSec, IT-SeCX, BSides Vienna and RuhrSec. As the main trainer of SEC Consult's secure C/C++ programming, reverse engineering and red teaming trainings, and as a lecturer at similar courses at the universities of applied sciences St. Pölten and JKU, he has gained a lot of experience in teaching complex topics in a simple-to-understand way.
