Windows Kernel Fuzzing For Beginners presented at Syscan360 2012

by Ben Nagy,

Tags: Security

Summary : "Kernel bugs are cool, and like with all bug classes, there is low hanging fruit that can be hit with fuzzing, but the initial knowledge barrier represents class warfare waged by smart people like @kernelpool against people like me. To help honest, hard working fuzzers who prefer a 'low intellectual investment' strategy to bugs, this talk will cover how we take The Fuzzing Canon and apply it to the Windows Kernel. What can we fuzz? How do we instrument? How do we deliver the tests? And, most importantly, in my view - How do we scale that? Theory will be restricted to what's absolutely essential, I promise - no filling up time with IRP structure diagrams and boring 'knowledge', with a sincere effort to locate relevant, funny pictures of cats and otters and stuff."