This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Monday, February 29 • 3:00pm - 3:55pm
Fuzz Smarter, Not Harder (An afl-fuzz Primer)

Sign up or log in to save this to your schedule and see who's attending!

Fuzz testing is one of the most powerful tools in the bug hunter’s toolset. However, many fuzzing platforms require a lot of hard work to first describe a targeted format or protocol. These tools also often require a lot of resources, time, or both. American Fuzzy Lop (afl-fuzz) from Michal Zalewski (lcamtuf) overcomes these challenges with novel code instrumentation techniques combined with a highly optimized forking process. This talk steps through an entire process for using afl-fuzz and other tools like address sanitizer (ASAN) and !exploitable to identify and classify exploitable software bugs. Specific example steps for building and fuzzing AFL instrumented Ubuntu packages will allow attendees to quickly start finding 0-days in software deployed on millions of computers world-wide.

avatar for Craig Young

Craig Young

Security Researcher, Tripwire
Craig Young is a computer security researcher with Tripwire's Vulnerability and Exposures Research Team (VERT). He identified and responsibly disclosed hundreds of vulnerabilities in products from Google, IBM, NETGEAR, Adobe, HP, Apple, and others. His research resulted in numerous CVE assignments and repeated recognition in the Google Application Security Hall of Fame. Craig won in track 0 and track 1 of the SOHOpelessly Broken contest at DEF... Read More →

Monday February 29, 2016 3:00pm - 3:55pm
DNA Lounge 375 11th St, San Francisco, CA 94103

Attendees (29)