Fuzzing C/C++ Programs

Abstract

Fuzz testing is an efficient way to find vulnerabilities and a very popular technique among security researchers. Some projects run fuzzing as part of their Continuous Integration systems, where it helps to find not only vulnerabilities but also stability issues and other regressions. The purpose of the workshop is to teach attendees to fuzz different C/C++ projects efficiently using modern tools.

During the workshop you will:

  • understand the basics of fuzzing
  • write several libFuzzer-based fuzzers for different projects
  • find Heartbleed and other known bugs by yourself
  • learn how to analyze and improve your fuzzer
  • perhaps find some 0-days :)

Fuzzing experience is not required.

Materials

Max Moroz

Max Moroz is a member of the Google Chrome Security Team and a graduate of the Information Security Department of the National Research Nuclear University MEPhI (Moscow Engineering Physics Institute). He is also the founder of the BalalaikaCr3w CTF team and a two-time winner of a Russian student contest on information security. Besides his primary work, he participates in CTF competitions and bug bounty programs.