The Art of Fuzzing Without Fuzzing presented at SyScan360 2015

by Ben Nagy

Summary: With the growing popularity of usable guided fuzzing tools like AFL, it is time to revisit some old assumptions. Fuzzing researchers have always pointed out the importance of starting corpora, but exactly HOW important are they? We should be spending more of our time on corpus generation and less on fuzzing slow, annoying, GUI targets. But just HOW good can we make them? What if we didn't need to fuzz those annoying targets at all? This is a summary of a few months of research into Corpus Driven Fuzzing, or, as I like to call it, Fuzzing Without Fuzzing.