Welcome to BSidesLV 2016, our 8th annual BSides in beautiful Las Vegas, Nevada!
Tuesday, August 2, 2016 • 15:00 - 16:00
Beyond the Tip of the IceBerg -- Fuzzing Binary Protocol for Deeper Code Coverage.


Some fuzzers are black-box, while others are protocol aware. Even for the protocol-aware ones, the fuzzer writer typically has to obtain the protocol specification and implement packet-awareness logic in the fuzzer. Unfortunately, a fuzzer being protocol aware guarantees nothing about the code coverage it achieves. To make matters worse, what if we wish to attack a proprietary binary protocol with no protocol specification and no source code access? Tools like AFL cannot help here, because we cannot compile the code or give the tool a function name to be monitored. There are other limitations as well: if we want to fuzz the 3rd packet in the protocol sequence, that is not possible with tools like AFL.

The presentation deals with this specific scenario, where the target protocol is completely unknown (proprietary) and we have access to neither the source code nor the protocol specification. The tool we have developed builds a feedback loop between its client and server components: the server component monitors the target daemon at runtime and reports back to the client component, which mutates the packet to increase code coverage based on that feedback. The tool does not require the target binary to be recompiled, and the daemon does not need to be restarted alongside the feedback monitor. We fuzz using runtime monitoring of the target daemon.
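As an added illustration of the feedback loop described above (example code written for this page, not the speakers' tool): the target daemon is replaced by a constructed in-process stand-in whose handler reports the basic blocks it executed, playing the role of the runtime monitor on the server side; the client side replays the first two packets of a constructed three-message session unchanged, mutates only the third, and keeps any mutant that reaches a block not seen before. The framing (2-byte type, 2-byte length, body), the message types, the block numbering and the fault at the deepest path are all invented for the example.

```python
"""Coverage-feedback fuzzing of packet N in a stateful binary protocol.
Added example, not the speakers' tool: ToyDaemon is a constructed stand-in
whose handler reports the blocks it ran, as a runtime monitor would."""
import random
import struct

HDR = struct.Struct(">HH")   # constructed framing: message type, body length


def pack(msg_type, body):
    return HDR.pack(msg_type, len(body)) + body


class ToyDaemon:
    """Constructed 3-message target. handle() returns (reply, blocks_hit)."""

    def __init__(self):
        self.state = 0   # 0: expect HELLO, 1: expect AUTH, 2: expect CMD

    def handle(self, pkt):
        hit = {0}
        if len(pkt) < HDR.size:
            hit.add(1)
            return b"ERR", hit
        msg_type, length = HDR.unpack(pkt[:HDR.size])
        body = pkt[HDR.size:HDR.size + length]
        if self.state == 0 and msg_type == 1:            # HELLO
            hit.add(2)
            self.state = 1
            return b"HELLO-ACK", hit
        if self.state == 1 and msg_type == 2:            # AUTH
            hit.add(3)
            self.state = 2
            return b"AUTH-OK", hit
        if self.state == 2 and msg_type == 3 and body:   # CMD: the packet we fuzz
            hit.add(4)
            if body[0] == 0x01:                          # GET: the seed's path
                hit.add(5)
            elif body[0] == 0x02:                        # PUT: deeper paths
                hit.add(6)
                if len(body) >= 8:
                    hit.add(7)
                    if body[1] == 0xFF:                  # "raw" flag
                        hit.add(8)
                        if len(body) > 24:               # constructed bug
                            raise RuntimeError("simulated memory-safety fault")
            else:
                hit.add(9)
            return b"CMD-OK", hit
        hit.add(10)
        return b"BAD-STATE", hit


INTERESTING = [0x00, 0x01, 0x10, 0x20, 0x40, 0x64, 0x7F, 0x80, 0xFF]  # AFL-style


def mutate(pkt, rng):
    """Mutate only the body, then re-sync the length field so the mutant still frames."""
    msg_type, _ = HDR.unpack(pkt[:HDR.size])
    body = bytearray(pkt[HDR.size:])
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(5)
        if op == 0 and body:                       # bit flip
            body[rng.randrange(len(body))] ^= 1 << rng.randrange(8)
        elif op == 1 and body:                     # interesting byte
            body[rng.randrange(len(body))] = rng.choice(INTERESTING)
        elif op == 2 and body:                     # small arithmetic
            i = rng.randrange(len(body))
            body[i] = (body[i] + rng.randint(-8, 8)) & 0xFF
        elif op == 3:                              # append random bytes
            body += bytes(rng.randrange(256) for _ in range(rng.randint(1, 16)))
        elif op == 4 and len(body) > 1:            # delete a byte
            del body[rng.randrange(len(body))]
    return pack(msg_type, bytes(body))


# Constructed seed session: HELLO, AUTH, then a GET command.
SEQUENCE = [pack(1, b"v1"), pack(2, b"user:pass"), pack(3, b"\x01")]


def fuzz(sequence, target_index, iterations, seed=1):
    """Replay packets before target_index unmodified, send a mutant of packet
    target_index, and keep every mutant that reaches a block not seen before."""
    rng = random.Random(seed)

    def run(pkt):
        daemon = ToyDaemon()           # fresh session; the target is not restarted
        for p in sequence[:target_index]:
            daemon.handle(p)
        return daemon.handle(pkt)[1]   # blocks hit by the packet under test

    corpus = [sequence[target_index]]
    seen = set(run(corpus[0]))         # baseline coverage of the seed packet
    crashes = []
    for _ in range(iterations):
        mutant = mutate(rng.choice(corpus), rng)
        try:
            hit = run(mutant)
        except RuntimeError as exc:    # the monitor would report a daemon fault here
            crashes.append((mutant, str(exc)))
            continue
        if hit - seen:                 # feedback: new block reached, keep the mutant
            seen |= hit
            corpus.append(mutant)
    return seen, corpus, crashes


if __name__ == "__main__":
    seen, corpus, crashes = fuzz(SEQUENCE, 2, 20000)
    print("blocks:", sorted(seen), "corpus:", len(corpus), "crashes:", len(crashes))
```

The point of the example is the loop structure rather than the toy target: the prefix of the session is replayed verbatim so that the daemon is in the right state when the packet under test arrives, only that packet is mutated, the length field is re-synced after mutation so that mutants are not all discarded at the framing check, and a mutant survives only if the monitor reports a block the corpus had not reached yet. Against a real daemon, `run` would open a new connection and `hit` would come from the monitor attached to the unmodified binary.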

Looking forward to seeing you at the talk!


Mrityunjay Gautam

Manager, Product Security Team, Citrix Systems, Inc.
Mrityunjay leads the product security team for Citrix Systems in Santa Clara, US. His passion is to build intelligence into security toolkits to launch smarter attacks and build deeper defences for software systems. He has been working in the security industry for over 10 years and has presented at a few conferences in the past -- Sector, c0c0n, ICCTA, IEEE etc.

Alex Moneger

I enjoy working on security topics relating to bits and bytes such as crypto, exploit dev, fuzzing and binary instrumentation. I have presented at several security conferences (Defcon, Nuit Du Hack, Shmoocon, ...) on the above topics.

I also have written more or less useful security tools such as numstitch, scapy-http2, fuzzmon... as well as contributed to some open source security tools (scapy-ssl_tls, run tracer, afl...).

In my day job...

Breaking Ground Florentine A