An Introduction to Fuzzing and a direct application to the real world

Cite

Eidgenössische Technische Hochschule Zürich (ETH Zürich)

Galli, Leonardo

Formal Metadata

Title

An Introduction to Fuzzing and a direct application to the real world

Title of Series

VIScon 2021

Number of Parts

Author

Galli, Leonardo

License

CC Attribution - NonCommercial - NoDerivatives 2.5 Switzerland:
You are free to use, copy, distribute and transmit the work or content in unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/59502 (DOI)

Publisher

Eidgenössische Technische Hochschule Zürich (ETH Zürich)

Release Date

2021

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Are you getting tired of people reporting security issues in your software? Do you think checking the bounds of your buffers is too much work? You want to find bugs in "your" software, but accidentally "misplaced" the source code?Or maybe, the source code was found again, but nobody understands what it is doing? The answer to all of the above questions - and more - is fuzzing! In essence, fuzzing tries to - intelligently and automatically - find bugs in software. In this talk, you will first get to know how fuzzing actually accomplishes that and how to use it for finding bugs. As a direct application of the first part, we will then go over the process of taking the iPhone boot loader, making it runnable on linux and finally being able to fuzz it.