What is fuzzing?

Formal Metadata

Title: What is fuzzing?
Alternative Title: Extending Fuzzing Grammars to Exploit Code Paths
Number of Parts: 109
License: CC Attribution 3.0 Unported. You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract

Fuzzing is a well-established technique for finding bugs, hopefully exploitable ones, by brute-forcing inputs to explore code paths in an application. In recent years, fuzzing has become a near-mandatory part of any major application's security team efforts. Our work focused on fuzzing web browsers, a particularly difficult challenge given the size and quality of some of their security teams, the existing high-quality fuzzers available for this, and, of late, bug bounty programs. Despite this, our improved fuzzing approach was able to find four confirmed bugs within Google Chrome and two within Microsoft Internet Explorer 11. The bugs had varying potential exploitability. Interestingly, some had been independently discovered, indicating that others are active in this field. The work is ongoing, and we hope to have more before the presentation.

As browsers continue to grow as the new universal interface for devices and applications, they have become high-value targets for exploitation. Additionally, with the growth of browser fuzzing since 2004, this is a complex field to get started in, something we hope to help address.

Our research and presentation will consist of two parts. The first part is an introduction to fuzzing for the security practitioner. Here we combine the approaches, tool sets and integrations between tools we found to be most effective into a recipe for fuzzing various browsers on various platforms. The second part is a description of our work and the approach used to create, and extend, browser fuzzing grammars based on W3C specifications to discover new and unexplored code paths and find new browser security bugs. In particular, examples of real bugs found in the Chrome and IE browsers will be demonstrated.

Speaker Bios:

Saif is the body double for Borat, but couldn't pull off a mankini and ended up in information security. His focus is on fuzzing and vulnerability research.

Etienne hopes he will outlive his beard, but in the meantime, this hacking schtick pays for beard oil. His other interests lie in mobile applications and NoSQL databases. Both are analysts within SensePost's London office.