The slide deck containing all slides from the conferences.
Read more about fuzzing in my last blog post, “Hack the Hacker – Fuzzing Mimikatz On Windows With WinAFL & Heatmaps (0day)”.
CTF Challenge “Chat” (SECCON CTF – Try to find the vulnerabilities)
Using breakpoints to extract coverage information. Example with Adobe Reader.
Demonstration of finding the start and end addresses of the target function which should be fuzzed in-memory (example with HashCalc).
In-memory fuzzing of HashCalc with WinAppDbg (750 exec / sec)
In-memory fuzzing of HashCalc with DynamoRio (170 000 exec / sec)
Fuzzing interactive applications with a self-written fuzzer to discover deep bugs (which are not found by default by AFL)
This research was done by René Freingruber (@ReneFreingruber) on behalf of SEC Consult Vulnerability Lab.