3/9/15 - Fundamentals of fuzzing

Please join us on March 9 for a fuzz-fest.

Agenda

• 6:00 pm - Dinner & mingling

• 6:40 pm - Lightning talks

• 7:00 pm - Fundamentals of Fuzzing on Peach, Seth Hinze (Deja vu Security)

Fuzzing is the technique of finding flaws and vulnerabilities in solutions through the mutation of data. This technique is a preferred way of both defenders and attackers to discover vulnerabilities in a system.

The Peach Fuzzing Framework is the most widely used fuzzing system. Researchers, corporations, and governments use Peach to find vulnerabilities in systems. Peach was designed to fuzz any type of data consumer from servers to embedded systems.

Peach is a cross platform system running on Windows, Linux, and OS X. This talk will walk through the fundamentals of the fuzzing process namely modeling of data and states, mutating, and monitoring. We will go through some scenarios for fuzzing.

• 8:00 pm - AFL - American Fuzzy Lop, Tobias Ospelt (modzero)

A short introduction to AFL, a new fuzzing tool that uses compile-time instrumentation and genetic algorithms to discover clean, interesting test cases that trigger new internal states in the targeted binary.

• 8:30 pm - END