Fuzz By Number

More documents

Recommendations

Info

TargetsFTP Server - ProFTPDUses common ASCII based protocolSNMP Server - Net-SNMPUses binary based protocolDNS client - dig from BINDUses binary based protocol
The Bugs17 bugs added to each application - Thanks JakeHonoroff!Half were buffer overflowsA fourth were format stringsA fourth were others types of issues: commandinjection, double free, wild writes, etc.Not detectable with normal client (not THAT obvious)Prefaced with logging codeNot necessarily “exploitable” - but probably
Page 1 and 2: Fuzz By NumberMore Data About Fuzzi
Page 3 and 4: AgendaFuzzing, why we careHow do yo
Page 5 and 6: Generating Test CasesMutation-based
Page 7 and 8: Fuzzing LifecycleIdentifying interf
Page 9 and 10: Retrospective TestingTime period is
Page 11 and 12: Simulated VulnerabilityDiscoveryExp
Page 13 and 14: Code Coverage AnalysisInstrument th
Page 15 and 16: Our TestingThree network protocolsT
Page 17 and 18: Introducing The FuzzersGeneral Purp
Page 19 and 20: TaofOpen source, mutation basedGUI
Page 21 and 22: Mu-4000Commercial fuzzer from Mu Se
Page 23 and 24: eSTORMCommercial, generation based
Page 25: What’s Missing?What about SPIKE,
Page 29 and 30: Results!
Page 31 and 32: FTP - Summary% bugs found % code co
Page 33 and 34: SNMP Summary% bugs found % code cov
Page 35 and 36: DNS Summary% Bugs found % Code cove
Page 37 and 38: FTP OdditiesBugs 9, 12, and 13 were
Page 39 and 40: FTP Bug 16MODRET core_eprt(cmd_rec
Page 41 and 42: FTP Bug 4char *dir_canonical_path(p
Page 43 and 44: SNMP Bug #4int snmp_pdu_parse(netsn
Page 45 and 46: GeneralConclusions
Page 47 and 48: Generation Based ApproachMost Effec
Page 49 and 50: Protocol Knowledge Is Good% SNMP bu
Page 51 and 52: More Code Coverage...
Page 53 and 54: Statistics Says “Yes”Dep Var: B
Page 55 and 56: A Real BugAll this fuzzing with dif
Page 57 and 58: Special Thanks To:Commercial fuzzer

Fuzz By Number

Create successful ePaper yourself

Delete template?

Save as template?