Fuzzers like LEGO
From the AFL++ team comes a talk about the core concepts of fuzzing, novel fuzzing research, a library, and parts of fuzzing that can be edited and swapped out.
In this talk, we present the theory, building blocks and ideas behind our evolution to AFL++, a powerful and flexible new fuzzer design. Instead of a one-trick-pony command-line tool, security researchers will be able to build the perfect fuzzer for their target and extend parts of their fuzzer with their own code. After dealing with the monolithic C codebase inherited from AFL for over a year, we learned how to build a better tool suite from scratch, as a library, with reusable components and easily maintainable code.

The design of the framework follows a clear division of fuzz testing concepts into interconnected entities. Like LEGO bricks, each part of the fuzzer can be swapped out for other implementations and behaviors. The first prototype, libAFL, was developed in C as one of the AFL++ Google Summer of Code projects. After seeing that the concepts work in practice, we are now creating a powerful fuzzing framework in Rust.

This talk discusses these concepts and how they relate to existing state-of-the-art fuzzers. Thanks to its flexibility, the library can be used to reimplement a wide variety of fuzzers. We discuss how we tackle common problems like scaling between cores and embedding the fuzzer directly into the target for maximum speed. The building blocks discussed in this talk will be the engine under the hood of a future AFL++ release and, hopefully, your next custom-built fuzzer.

Additional information

Type Talk
Language English
