The Mysterious Paradigm of Fuzzing by Rakesh Seal

•

0 likes•54 views

This document provides an overview of fuzz testing, including: - Fuzz testing involves automated software testing using unexpected or malformed input data to identify vulnerabilities. It is useful for finding bugs and making software more reliable. - The main types of fuzzing are blackbox, whitebox, and greybox testing, depending on the level of input and system knowledge. Common fuzzing tools include AFL, Peach Fuzzer, KLEE, and SAGE. - Real world examples of fuzzing include projects by Google, Microsoft, and independent researchers that have found thousands of bugs through automated fuzz testing of software.

Technology

Fuzz Them All
The Mysterious Paradigm of Fuzzing

$ whoami
Rakesh Seal
● R&D, Keysight (ATI Research)
● Network Security
● Embedded Systems (IoT)
● Full Stack Dev
● Automation Enthusiast
● 10+ Patent Publication
● Play DoTA 👾
rakeshseal0.github.io

Fuzzing 101
What?
● Automated SW Testing
● Unexpected Input
● Large Input
● Feedback Loop
Why?
● Vulnerability Identiﬁcation
● Software Reliability
● Saves Time (Reduces Panic 😇 )
● Compliance

Fuzzing vs Brute Forcing
Aspect Brute-Forcing (🔓) Fuzzing (🪲)
Purpose To guess correct data To ﬁnd vulnerabilities in software.
Method
Tries every possible combination
systematically.
Inputs random or malformed data.
Target Authentication systems, encryption keys. Software applications, systems, protocols

Types of Fuzzing
BlackBox
● No Input Knowledge
● High Level Testing
● Large Target
Peach Fuzzer
WhiteBox GreyBox
● In Depth Knowledge
● Low Level Testing
● Speciﬁc Target
KLEE, SAGE
● Limited Knowledge
● Balanced Testing
● Focused Broad Target
AFL, ClusterFuzz

Corpus, Instrumentation, Coverage
Rakesh S

Enough Talk, Show me some Action !!
https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/INSTALL.md
https://github.com/mykter/aﬂ-training
https://github.com/antonio-morales/Fuzzing101

Where Do I use This Knowledge?
● web form
● API
● Authentication
Webapps
❏ ZAPP
❏ WFuzz
● System Tools
● Libraries
● Firmware
● Device Drivers
Binary
❏ AFL
❏ LibFuzzer
Network
❏ Scapy
❏ Sulley
Generic
❏ Peach
❏ Atheris
❏ go-fuzz
● TCP / IP
● L7 Protocols
● Communication
● Utility
● Scripts
● Backend Services

Real World Applications
Independent
Research
03
02
Google OSS-Fuzz
● 36,000+ bugs
● CVE-2016-5172 (Chrome),
● CVE-2017-3731 (OpenSSL),
● CVE-2018-20225 (LibreOﬃce)
01
Microsoft SLDC ● CVE-2020-0601 (Windows CryptoAPI)
● CVE-2019-0803 (Windows)
● CVE-2018-8174 (Internet Explorer)
● Heartbleed (CVE-2014-0160)
● Shellshock (CVE-2014-6271)
● BlueKeep (CVE-2019-0708)
● Linux Kernel (CVE-2014-0196)

RoadMap
��
Fuzz Own
Code
Start With AFL
��
Corpus,
Coverage,
Instrumentation
��
Crash Analysis
��
Other Fuzzers
��
Start Hunting
��

References
1. http://en.wikipedia.org/wiki/Fuzz_testing
2. https://pages.cs.wisc.edu/~rist/642-fall-2012/toorcon.pdf
3. https://owasp.org/www-community/Fuzzing
4. https://www.youtube.com/watch?v=COHUWuLTbdk&t=774s&ab_channel=LiveOverﬂow
“You won’t find any bugs in code you haven’t tested”

The sector demands that software development life cycle to be delivered faster and cheaper with increasing quality and reliability. TLC (testing life cycle) is a crucuel part of the time, cost and quality level for AUT (Application Under Test). Market got to point that all long ornate talks can be summed up in one word: EFFICIENCY. In quality aspect, automating testing activities had already been came forward to reduce development cycle times, cost, resources allocated with traditional test along past years. It's OK that automation increased the efficiency of the test process, so what about the efficiency of automation itself? Why most of the test automation projects fail (even if you're not aware of it is actually failing)? Because, automating without good test architecture may result in a lot of activity, but little value (if you are lucky). We will talk about following 6 main traits to build a successful test automation architecture; selection/implementation of test levels to be automated, design principles/patterns, locater strategy, tools / framework selection (aside from SeWD / Java), methodology (E2E Testing, TDD, BDD, Continuous Testing) and OOP pillars.

Secrets and Mysteries of Automated Execution Keynote slides

Alan Richardson

Fun with Macros & Other Sneaky Tricks to Avoid Detection - SANS Manchester 2020

Greg Bailey

Coding Dojo - Golden Master Technique - Approval Tests - Gilded Rose Kata-

Alin Pandichi

Testing strategies for legacy code

Alex Soto

Chapter 4 access control fundamental ii

Syaiful Ahdan

Python-Assisted Red-Teaming Operation

Satria Ady Pradana

Working with Legacy Code

Eyal Golan

Dimitrios Stergiou, CISO @ NetEnt addressed a number of traditional approaches to Application Security and discussed their shortcomings at Netlight Edge X breakfast seminar. Edge X breakfast seminars at Netlight are recurring events and talks, held by external speakers as well as employees of Netlight, within topics such as trends, challenges and opportunities within IT and management. He also discussed how the Agile methodology can be combined with an Application Security approach that has been proven to offer the most benefits. He also discussed how the DevOps culture can improve security and some do’s and don’ts when deciding to go down the DevOps path.

Tdd in practice

Andrew Meredith

Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23

Chase Schultz

Slides from Defcon IoT Village Workshop Ever wondered how people get shells via hooking up to chips or pins on a board? Or how to dump the firmware off a device you own at home? How chips that send those bits, bytes, and nibbles flying across traces on a board can be analyzed for profit? The Pwning IoT Devices via Hardware Attacks workshop is focused on a hands-on learning experience, of how people use hardware attacks to get initial access IoT Devices for security research. This workshop is designed for people new to hardware hacking, looking to have fun exploiting the Internet of (broken) Things. So come on out if you're looking to join the embedded system & IoT exploitation party!

Ha(Attackers) Exposed

Eugene Tawiah

Bruteforce basic presentation_file - linxidsecconf

Agile Days Twin Cities 2011

Brian Repko

Agile Secure Development

Bosnia Agile

How to make the agile team work with security requirements? To get secure coding practices into agile development is often hard work. A security functional requirement might be included in the sprint, but to get secure testing, secure architecture and feedback of security incidents working is not an easy talk for many agile teams. In my role as Scrum Master and security consultant I have developed a recipe of 7 steps that I will present to you. Where we will talk about agile secure development, agile threat modelling, agile security testing and agile workflows with security. Many of the steps can be made without costly tools, and I will present open source alternatives for all steps. This to make a test easier and to get a lower startup of your teams security process.

Practical hardware attacks against SOHO Routers & the Internet of Things

Chase Schultz

Derbycon 2015 (Unity) - Ever wondered how people get shells via hooking up to chips or pins on a board? Orhow to dump the firmware off a device you own at home?How chips that send those bits, bytes, and nibbles flying across traces on a board can be analyzed for profit? Practical hardware attacks against SOHO Routers & IoT — is focused on showing folks how to use hardware attacks to get initial access IoT Devices for security research. The talk is designed for people new to hardware hacking, looking to have fun exploiting SOHO routers and the Internet of (broken) Things.

Mobile Development - Unit and Automation Testing

Manuel Vicente Vivo

Gattacking Bluetooth Smart devices - introducing new BLE MITM proxy tool

Slawomir Jasek

Bluetooth Low Energy is probably the most thriving technology implemented recently in all kinds of IoT devices: gadgets, wearables, smart homes, medical equipment and even banking tokens. The BLE specification assures secure connections through link-layer encryption, device whitelisting and bonding - a mechanisms not without flaws, although that's another story we are already aware of. A surprising number of devices do not (or simply cannot - because of the use scenario) utilize these mechanisms. The security (like authentication) is, in fact, provided on higher "application" (GATT protocol) layer of the data exchanged between the "master" (usually mobile phone) and peripheral device. The connection from "master" in such cases is initiated by scanning to a specific broadcast signal, which by design can be trivially spoofed. And guess what - the device GATT internals (so-called "services" and "characteristics") can also be easily cloned. Using a few simple tricks, we can assure the victim will connect to our impersonator device instead of the original one, and then just proxy the traffic - without consent of the mobile app or device. And here it finally becomes interesting - just imagine how many attacks you might be able to perform with the possibility to actively intercept the BLE communication! Basing on several examples, I will demonstrate common flaws possible to exploit, including improper authentication, static passwords, not-so-random PRNG, excessive services, bad assumptions - which allow you to take over control of smart locks, disrupt smart home, and even get a free lunch. I will also suggest best practices to mitigate the attacks. Ladies and gentlemen - I give you the BLE MITM proxy. A free open-source tool which opens a whole new chapter for your IoT device exploitation, reversing and debugging. Run it on a portable Raspberry Pi, carry around BLE-packed premises, share your experience and contribute to the code.

Assessing a pen tester: Making the right choice when choosing a third party P...

Jason Broz, CIPP/US

Penetration Testing has become a part of every security program to some degree over the last several years. Additionally, many standards and regulations require them for compliance as do contractual obligations and pen testing is a well-known best practice for the IT security industry. One of the main issues with Penetration Testing is that very few entities have the knowledge, resources or time to address this in-house. As a result, this task is often outsourced to a third party, who employ “white-hat” hackers with the supposed expertise to complete the task in order to meet business and regulatory needs. The question is “How do you tell the difference between a seasoned group of pen-testing professionals and a low-rent firm whose simply handing over the reports from a canned tool?” In this presentation, Jason Broz and Tom Eston from SecureState will address the following issues: • Pitfalls of pen-testing clients • Games that some firms may play • What to look for in a quality pen test firm • Provide the audience with a checklist of questions to ask when choosing a pen-test firm.

Introduction to Penetration testing - GDG DevFest Caribbean 2021 presentation

Obika Gellineau

WTF is Penetration Testing v.2

Scott Sutherland

This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world. Additional resources can be found in the blog below: https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers More security blogs by the authors can be found @ https://www.netspi.com/blog/

OWASP Much ado about randomnessAleksandr Yampolskiy

N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018

Codemotion

Creating a quality web application is hard. It’s hard to gain customers, it’s hard to build your reputation and it’s hard to keep the costs low. Nevertheless, security is often an afterthought. However… Have you considered the cost of fixing security issues later? What about the reputational damage of a security breach? Are you worried about your customers’ data? We will talk about good security coding practices for web applications and how to apply them early on using some real world examples. We will also help you to think about your website’s vulnerabilities from the view of a hacker.

Fantastic Red Team Attacks and How to Find Them

Ross Wolf

Presented at Black Hat 2019 https://www.blackhat.com/us-19/briefings/schedule/index.html#fantastic-red-team-attacks-and-how-to-find-them-16540 Casey Smith (Red Canary) Ross Wolf (Endgame) bit.ly/fantastic19 Abstract: Red team testing in organizations over the last year has shown a dramatic increase in detections mapped to MITRE ATT&CK™ across Windows, Linux and macOS. However, many organizations continue to miss several key techniques that, unsurprisingly, often blend in with day-to-day user operations. One example includes Trusted Developer Utilities which can be readily available on standard user endpoints, not just developer workstations, and such applications allow for code execution. Also, XSL Script processing can be used as an attack vector as there are a number of trusted utilities that can consume and execute scripts via XSL. And finally, in addition to these techniques, trusted .NET default binaries are known to allow unauthorized execution as well, these include tools like InstallUtil, Regsvcs and AddInProcess. Specific techniques, coupled with procedural difficulties within a team, such as alert fatigue and lack of understanding with environmental norms, make reliable detection of these events near impossible. This talk summarizes prevalent and ongoing gaps across organizations uncovered by testing their defenses against a broad spectrum of attacks via Atomic Red Team. Many of these adversary behaviors are not atomic, but span multiple events in an event stream that may be arbitrarily and inconsistently separated in time by nuisance events. Additionally, we introduce and demonstrate the open-sourced Event Query Language for creating high signal-to-noise analytics that close these prevalent behavioral gaps. EQL is event agnostic and can be used to craft analytics that readily link evidence across long sequences of log data. In a live demonstration, we showcase powerful but easy to craft analytics that catch adversarial behavior most commonly missed in organizations today.

[2010 CodeEngn Conference 04] window31 - Art of Keylogging 키보드보안과 관계없는 키로거들

GangSeok Lee

2010 CodeEngn Conference 04 각종 논문 데이터나 기타 연구자료들을 살펴보면 키보드보안의 한계점에 대해 지목하고 그것에 대한 보완 대책을 논의하고 있는 내용이 많다. 물론 그러한 학문적인 접근도 중요하지만, 실제 키로깅을 하고 있는 해커의 입장에서는 어떤 식으로 키입력과 계정을 가져가는지 해커의 접근 방법을 살펴보는 것도 필요하다. 일반적으로 해커들은 커널 레벨이나 하드웨어 지식 베이스에 입각한 난해한 기법보다는, 보다 간편하며 실용적인 방법을 통해 계정을 가져간다. 그리고 그 같은 행위는 현재 키보드보안의 커버 범위를 뛰어넘는 새로운 기법을 보여주는 경우가 대다수이다. 이런 상황을 배경으로 실제 기업에서 발생하고 있는 사례나, 유저의 감염케이스를 리버스 엔지니어링으로 살펴보는 시간을 마련했다. 바이너리 해킹의 예술을 맛볼 수 있는 Art of Keylogging 발표에서 키 입력 탈취에 대한 새로운 트렌드를 소개한다. http://codeengn.com/conference/04

BTC2019 - The Key Creation Ceremony

Joshua McDougall

Welcome to the "How to Securely Create Cryptographic Keys" with Joshua McDougall. This presentation was delivered on Thursday, August 29th 2019. In this class, scholars will learn the process of creating keys with proper entropy, backup processes, and how environmental factors can weaken or improve the strength and secrecy of the key. By the end of the session, you will understand entropy sources, physical wallets, secure environments, and other helpful items that all come together to create strong keys for holding assets. You will each work within groups to create a multi-sig wallet that each scholar is a member of, verifying the key along the way and creating tamper-evident backups.

Why just fake it

danstroh

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx

null - The Open Security Community

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx

null - The Open Security Community

Similar to The Mysterious Paradigm of Fuzzing by Rakesh Seal

Unit Testing like a Pro - The Circle of Purity

Victor Rentea

Application Security within Agile

Netlight Consulting

Tdd in practice

Andrew Meredith

Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23

Chase Schultz

Ha(Attackers) Exposed

Eugene Tawiah

Bruteforce basic presentation_file - linxidsecconf

Agile Days Twin Cities 2011

Brian Repko

Agile Secure Development

Bosnia Agile

Practical hardware attacks against SOHO Routers & the Internet of Things

Chase Schultz

Mobile Development - Unit and Automation Testing

Manuel Vicente Vivo

Gattacking Bluetooth Smart devices - introducing new BLE MITM proxy tool

Slawomir Jasek

Assessing a pen tester: Making the right choice when choosing a third party P...

Jason Broz, CIPP/US

Introduction to Penetration testing - GDG DevFest Caribbean 2021 presentation

Obika Gellineau

WTF is Penetration Testing v.2

Scott Sutherland

OWASP Much ado about randomnessAleksandr Yampolskiy

N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018

Codemotion

Fantastic Red Team Attacks and How to Find Them

Ross Wolf

[2010 CodeEngn Conference 04] window31 - Art of Keylogging 키보드보안과 관계없는 키로거들

GangSeok Lee

BTC2019 - The Key Creation Ceremony

Joshua McDougall

Why just fake it

danstroh

Similar to The Mysterious Paradigm of Fuzzing by Rakesh Seal (20)

Unit Testing like a Pro - The Circle of Purity

Application Security within Agile

Tdd in practice

Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23

Ha(Attackers) Exposed

Bruteforce basic presentation_file - linx

Agile Days Twin Cities 2011

Agile Secure Development

Practical hardware attacks against SOHO Routers & the Internet of Things

Mobile Development - Unit and Automation Testing

Gattacking Bluetooth Smart devices - introducing new BLE MITM proxy tool

Assessing a pen tester: Making the right choice when choosing a third party P...

Introduction to Penetration testing - GDG DevFest Caribbean 2021 presentation

WTF is Penetration Testing v.2

OWASP Much ado about randomness

N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018

Fantastic Red Team Attacks and How to Find Them

[2010 CodeEngn Conference 04] window31 - Art of Keylogging 키보드보안과 관계없는 키로거들

BTC2019 - The Key Creation Ceremony

Why just fake it

Recently uploaded

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Bits & Pixels using AI for Good.........

Alison B. Lowndes

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Abida Shariff

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Recently uploaded (20)

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

"Impact of front-end architecture on development cost", Viktor Turskyi

Accelerate your Kubernetes clusters with Varnish Caching

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

UiPath Test Automation using UiPath Test Suite series, part 3

When stars align: studies in data quality, knowledge graphs, and machine lear...

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

FIDO Alliance Osaka Seminar: Overview.pdf

Bits & Pixels using AI for Good.........

GraphRAG is All You need? LLM & Knowledge Graph

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Leading Change strategies and insights for effective change management pdf 1.pdf

Search and Society: Reimagining Information Access for Radical Futures

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

The Mysterious Paradigm of Fuzzing by Rakesh Seal

1. Fuzz Them All The Mysterious Paradigm of Fuzzing

2. $ whoami Rakesh Seal ● R&D, Keysight (ATI Research) ● Network Security ● Embedded Systems (IoT) ● Full Stack Dev ● Automation Enthusiast ● 10+ Patent Publication ● Play DoTA 👾 rakeshseal0.github.io

3. Fuzzing 101 What? ● Automated SW Testing ● Unexpected Input ● Large Input ● Feedback Loop Why? ● Vulnerability Identiﬁcation ● Software Reliability ● Saves Time (Reduces Panic 😇 ) ● Compliance

4. Fuzzing vs Brute Forcing Aspect Brute-Forcing (🔓) Fuzzing (🪲) Purpose To guess correct data To ﬁnd vulnerabilities in software. Method Tries every possible combination systematically. Inputs random or malformed data. Target Authentication systems, encryption keys. Software applications, systems, protocols

5. Types of Fuzzing BlackBox ● No Input Knowledge ● High Level Testing ● Large Target Peach Fuzzer WhiteBox GreyBox ● In Depth Knowledge ● Low Level Testing ● Speciﬁc Target KLEE, SAGE ● Limited Knowledge ● Balanced Testing ● Focused Broad Target AFL, ClusterFuzz

6. Corpus, Instrumentation, Coverage Rakesh S

7. Enough Talk, Show me some Action !! https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/INSTALL.md https://github.com/mykter/aﬂ-training https://github.com/antonio-morales/Fuzzing101

8. Where Do I use This Knowledge? ● web form ● API ● Authentication Webapps ❏ ZAPP ❏ WFuzz ● System Tools ● Libraries ● Firmware ● Device Drivers Binary ❏ AFL ❏ LibFuzzer Network ❏ Scapy ❏ Sulley Generic ❏ Peach ❏ Atheris ❏ go-fuzz ● TCP / IP ● L7 Protocols ● Communication ● Utility ● Scripts ● Backend Services

9. Real World Applications Independent Research 03 02 Google OSS-Fuzz ● 36,000+ bugs ● CVE-2016-5172 (Chrome), ● CVE-2017-3731 (OpenSSL), ● CVE-2018-20225 (LibreOﬃce) 01 Microsoft SLDC ● CVE-2020-0601 (Windows CryptoAPI) ● CVE-2019-0803 (Windows) ● CVE-2018-8174 (Internet Explorer) ● Heartbleed (CVE-2014-0160) ● Shellshock (CVE-2014-6271) ● BlueKeep (CVE-2019-0708) ● Linux Kernel (CVE-2014-0196)

10. RoadMap �� Fuzz Own Code Start With AFL �� Corpus, Coverage, Instrumentation �� Crash Analysis �� Other Fuzzers �� Start Hunting ��

11. References 1. http://en.wikipedia.org/wiki/Fuzz_testing 2. https://pages.cs.wisc.edu/~rist/642-fall-2012/toorcon.pdf 3. https://owasp.org/www-community/Fuzzing 4. https://www.youtube.com/watch?v=COHUWuLTbdk&t=774s&ab_channel=LiveOverﬂow “You won’t find any bugs in code you haven’t tested”

The Mysterious Paradigm of Fuzzing by Rakesh Seal

Recommended

Recommended

More Related Content

Similar to The Mysterious Paradigm of Fuzzing by Rakesh Seal

Similar to The Mysterious Paradigm of Fuzzing by Rakesh Seal (20)

More from null - The Open Security Community

More from null - The Open Security Community (18)

Recently uploaded

Recently uploaded (20)

The Mysterious Paradigm of Fuzzing by Rakesh Seal