The Art of Fuzzing Without Fuzzing

Presented at Kiwicon 9: Cyberwar Is Hell (2015), Dec. 11, 2015, 4:45 p.m. (45 minutes).

PURSUANT TO: Cyber Munitions, Creation Of KEYWORDS: Cyber; War; Cyberwar; Death, Merchants Of With the growing popularity of usable guided fuzzing tools like AFL, it is time to revisit some old assumptions. Fuzzing researchers have always pointed out the importance of starting corpora, but exactly HOW important are they? We should be spending more of our time on corpus generation and less on fuzzing slow, annoying, GUI targets. But, just HOW GOOD can we make them? What if we didn't need to fuzz those annoying targets ...at all? This is a summary of a few months research into Corpus Driven Fuzzing, or, as I like to call it, Fuzzing Without Fuzzing.

Presenters:

• Ben Nagy
  THIS SPACE INTENTIONALLY LEFT BLANK (for now, nagy. You'll keep)

Links:

• https://2015.kiwicon.org/the-con/talks/#e215

Similar Presentations:

• DEF CON 15 (2007) / How smart is Intelligent Fuzzing - or - How stupid is Dumb Fuzzing?
• BruCON 0x0A (2018) / Finding security vulnerabilities with modern fuzzing techniques Workshop
• BruCON 0x0A (2018) / Finding security vulnerabilities with modern fuzzing techniques (Short Version) Workshop