High Performance Fuzzing presented at InfoSecSouthWest 2015

by Richard Johnson,

Summary : Security conference talks related to fuzzing tend to focus on distributed frameworks or new proof-of-concept engines. This talk will take a look at how to get the most performance out of your engine designs and fuzzing cluster for long term deployments. We will discuss topics like fork servers, static binary rewriting, patching Windows kernel to bypass memory limits and more tricks that have yet to be included in fuzzing talks. We have successfully applied these techniques to create a high performance port of AFL that targets binaries as well as speed up previous work on concolic execution and automated test generation. We will also compare effectiveness of various black box fuzzing approaches including model inference and directed fuzzing engines against a new benchmark composed of real-world vulnerabilities.
Highlights include:
Highest performance program tracing options for coverage and dataflow
Using bootkits to bypass software memory limits in Windows
RAM disk options on Windows
Harnessing copy-on-write on Windows
High speed automatic test generation
Benchmark set of real vulnerabilities for testing fuzzers
Performance of best-in-class fuzzers against benchmarks
Demo of port of AFL for targeting binaries
Demo of fast concolic testing