The Aftermath of a Fuzz Run: What to do about those crashes?

No ratings

Presented at BSidesSLC 2017 by

Fuzzing is a highly effective means of finding security vulnerabilities - new, easy to use and highly effective fuzzers such as American Fuzzy Lop and libFuzzer have driven its increased popularity. Once a fuzz run has found cases that crash the target application, each must be reduced, triaged and the root cause found to enable a fix. In this presentation, David Moore will describe tools, tactics and techniques for performing post fuzz run analysis on the resulting crashes with the goal of fixing the vulnerabilities. The first section of the talk will introduce/review fuzz testing and memory corruption bugs. Then a complete crash triage/root cause analysis workflow will be outlined including the use of corpus and test case minimizers, debuggers and reverse debuggers and automated memory analysis and crash triage tools such as Valgrind memcheck, Crashwalk, and Address Sanitizer. Finally, examples of memory corruption bugs of varying degrees of exploitability will be presented. This talk is suitable for anyone with some C programming experience and an interest in using fuzzers to find security vulnerabilities. Attendees will learn how to effectively analyze, triage and fix crashing cases.