Fuzzing and Patch Analysis: SAGEly Advice presented at NoSuchCon 2015

by Richard Johnson

Summary: Last year, in "Taint Nobody Got Time for Crash Analysis", we presented implementations of analyses performed on taint traces, including a tool to help determine which input leads to a crash and an exploitability evaluation tool based on symbolic execution. This year we expand on these topics with a study of our efforts towards improving the effectiveness of binary differential analysis (bindiff) and replicating Microsoft Research's work on the "Scalable, Automated, Guided Execution" (SAGE) fuzzer.

Richard Johnson is a computer security specialist in the area of software vulnerability analysis. Richard currently fills the role of Manager of Vulnerability Development, in charge of vulnerability discovery, triage, and mitigation research within Cisco Sourcefire VRT, offering 12 years of expertise and leadership in the software security industry. Current responsibilities include research on exploitation technologies and automation of the vulnerability triage and discovery process. Previous areas of security research and tool development include program execution tracing, taint analysis, fuzzing strategies, memory management hardening, compiler mitigations, disassembler and debugger design, and software visualization. Richard has released public code for binary integrity monitoring, program debugging, and reverse engineering, and has presented annually at top-tier industry conferences worldwide for over a decade. Richard is also a co-founder of the Uninformed Journal.