Infiltrate Security Conference OPEN CFP

TALK PROFILE
This CFP closes in 2 days

Fuzzing the ‘Unfuzzable’

Vulnerability research
45

American Fuzzy Lop (AFL) revolutionized fuzzing. It’s easily the best thing out there for quickly performing cutting-edge automated vulnerability analysis on command line applications. But what about the situations where accessing the logic you want to fuzz via command line isn’t so simple? For example, maybe you want to fuzz a parsing function from an embedded system that receives input via an analog RF front-end. Sometimes you can write a test harness, but what if you could just emulate the parts of the code that you want to fuzz and still get all the coverage-based advantages of AFL? With afl-unicorn if you can emulate it, you can fuzz it. Afl-unicorn bridges the gap between the thoroughness of fully manual research (i.e. reading disassembly/source) and the unmatched ease-of-use of AFL. With a little bit of reverse engineering and setup time afl-unicorn lets you leverage all of the automated path-finding power of AFL to rapidly discover vulnerabilities regardless of how it gets its input. If you find yourself confidently reverse engineering the basic functionality of a target application, but would rather use an automated process to discover all the vulnerabilities it contains then afl-unicorn is for you. Afl-unicorn has been successfully used to find bugs in a wide variety of targets, from single-threaded embedded RF firmware to complex, widely used Windows and Linux applications. This talk will cover the basics of afl-unicorn, and walk you through a repeatable workflow you can use to fuzz your own target code.

Back to Open CFP
Rated 4 - 54 reviewers

Comments

Interested in Speaking?

We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to cfp@immunityinc.com. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are:

  • A trip to Miami Beach during the non-gates-of-hell hot season
  • A stay at one of the premier luxury resorts in the area
  • A no-bullshit environment where you don't have to be apologetic about
  • Ability to participate in the 1st ever profit sharing conference