
What is fuzzing?

Formal metadata

Title
What is fuzzing?
Alternative title
Extending Fuzzing Grammars to Exploit Code Paths
Number of parts
109
License
CC Attribution 3.0 Unported:
You may use, modify, reproduce, distribute and make publicly available the work or its content, in unmodified or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner they specify.

Content metadata

Abstract
Fuzzing is a well-established technique for finding bugs, hopefully exploitable ones, by brute forcing inputs to explore code paths in an application. In recent years, fuzzing has become a near mandatory part of any major application's security team efforts. Our work focused on fuzzing web browsers, a particularly difficult challenge given the size and quality of some of their security teams, the existing high-quality fuzzers available for this, and, of late, bug bounty programs. Despite this, our improved fuzzing approach was able to find four confirmed bugs within Google Chrome and two within Microsoft Internet Explorer 11. The bugs had varying potential exploitability. Interestingly, some had been independently discovered, indicating others are active in this field. The work is ongoing, and we hope to have more before the presentation.

As browsers continue to grow as the new universal interface for devices and applications, they have become high value targets for exploitation. Additionally, with the growth of browser fuzzing since 2004, this is a complex field to get started in, something we hope to help address. Our research and presentation will consist of two parts: The first part is an introduction to fuzzing for the security practitioner. Here we combine the approaches, toolsets and integrations between tools we found to be most effective into a recipe for fuzzing various browsers on various platforms. The second part is a description of our work and approach used to create, and extend, browser fuzzing grammars based on W3C specifications to discover new and unexplored code paths, and find new browser security bugs. In particular, examples of real bugs found in the Chrome and IE browsers will be demonstrated.

Speaker Bios:
Saif is the body double for Borat, but couldn't pull off a mankini and ended up in information security. His focus is on fuzzing and vulnerability research.
Etienne hopes he will outlive his beard, but in the meantime, this hacking schtick pays for beard oil. His other interests lie in mobile applications and no-sql databases. Both are analysts within SensePost's London office.
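To make concrete what a "fuzzing grammar" is and how extending it with productions from another specification reaches code paths the base grammar never exercised, the following JavaScript is an added example written for this page; it is not the SensePost tooling the abstract describes. The grammar, its transform/animation extension, the seeded PRNG and every function name (mulberry32, extendGrammar, expand, generate, newProductions) are assumptions of this example, and the CSS/DOM productions are a hand-written toy subset, not anything derived from the speakers' grammars.

```javascript
// Added example (not the SensePost tooling): a minimal grammar-driven
// generator for browser test cases, plus a helper that extends the grammar
// with new productions so generated cases reach code paths the base grammar
// never touched. Grammar contents are illustrative assumptions.

// Small seeded PRNG (mulberry32 variant). Seeding matters in fuzzing: a case
// that crashes the browser must be reproducible from (seed, case index).
function mulberry32(seed) {
  let a = seed >>> 0;
  return function next() {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Grammar: nonterminal -> alternatives; each alternative is a list of symbols.
// Symbols starting with '$' are nonterminals, everything else is literal text.
const baseGrammar = {
  $case: [["$markup", "$js"]],
  $markup: [['<div id="t" style="', "$decls", '"></div>\n']],
  $decls: [["$decl"], ["$decl", "; ", "$decls"]],
  $decl: [["$prop", ": ", "$value"]],
  $prop: [["width"], ["height"], ["position"]],
  $value: [["$length"], ["absolute"], ["inherit"]],
  $length: [["$int", "px"], ["$int", "%"]],
  // Boundary values are where layout and allocation bugs tend to live.
  $int: [["0"], ["1"], ["-1"], ["65535"], ["2147483647"]],
  $js: [["<script>\nvar t = document.getElementById('t');\n", "$stmts", "\n</script>\n"]],
  $stmts: [["$stmt"], ["$stmt", "\n", "$stmts"]],
  $stmt: [
    ["t.style.", "$prop", " = '", "$value", "';"],
    ["t.remove();"],
    ["document.body.appendChild(t);"],
  ],
};

// Productions shaped after another part of the platform (CSS Transforms and
// the Web Animations API), so generated cases also drive compositing and
// animation code rather than only block layout. Illustrative, not spec-derived.
const transformExtension = {
  $prop: [["transform"]],
  $value: [["rotate(", "$int", "deg)"], ["scale(", "$int", ")"]],
  $stmt: [["t.animate([{transform: 'rotate(0deg)'}, {transform: '", "$value", "'}], {duration: ", "$int", "});"]],
};

const isNonterminal = (sym) => sym.startsWith("$");
const countNonterminals = (alt) => alt.filter(isNonterminal).length;

// Merge additions into a copy of the grammar. Existing alternatives keep their
// index and new ones are appended, so everything the base could produce still can.
function extendGrammar(grammar, additions) {
  const out = {};
  for (const [nt, alts] of Object.entries(grammar)) out[nt] = alts.slice();
  for (const [nt, alts] of Object.entries(additions)) out[nt] = (out[nt] || []).concat(alts);
  return out;
}

// Expand one nonterminal. Past maxDepth only the least-recursive alternatives
// are eligible, which guarantees termination on right-recursive rules such as
// $decls and $stmts. `used` records which (nonterminal, alternative) pairs
// fired: the grammar's own coverage of the generated case.
function expand(grammar, symbol, rng, used, depth = 0, maxDepth = 6) {
  const alts = grammar[symbol];
  if (!alts) throw new Error("unknown nonterminal " + symbol);
  let pool = alts.map((alt, i) => [alt, i]);
  if (depth >= maxDepth) {
    const min = Math.min(...alts.map(countNonterminals));
    pool = pool.filter(([alt]) => countNonterminals(alt) === min);
  }
  const [alt, idx] = pool[Math.floor(rng() * pool.length)];
  used.add(symbol + "#" + idx);
  return alt.map((s) => (isNonterminal(s) ? expand(grammar, s, rng, used, depth + 1, maxDepth) : s)).join("");
}

// Generate `count` cases from a seed; returns the cases and the productions hit.
function generate(grammar, seed, count) {
  const rng = mulberry32(seed);
  const used = new Set();
  const cases = [];
  for (let i = 0; i < count; i++) cases.push(expand(grammar, "$case", rng, used));
  return { cases, used };
}

// Production keys present only in the extended grammar. A case that fires one
// of them is, by construction, unreachable from the base grammar.
function newProductions(base, extended) {
  const keys = [];
  for (const [nt, alts] of Object.entries(extended))
    for (let i = (base[nt] || []).length; i < alts.length; i++) keys.push(nt + "#" + i);
  return keys;
}

if (typeof require !== "undefined" && require.main === module) {
  const ext = extendGrammar(baseGrammar, transformExtension);
  const { cases, used } = generate(ext, 1, 50);
  console.log(cases[0]);
  console.log("new productions hit:", newProductions(baseGrammar, ext).filter((k) => used.has(k)));
}
```

Each generated string is one HTML test case to load in a browser under a crash harness (debugger attached, page reloaded per case). The `used` set is the grammar-side analogue of code coverage: if a production from the extension never fires, or fires only at the depth limit, the extension is not actually exercising the browser code it was written for, and that is the first thing to check before blaming the fuzzer for finding nothing.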