Monday, June 11, 2012

Practical considerations implementing fuzzing acceleration via checkpointing

Hi all,
After giving my presentation in HITB I was fortunate to talk to some of the people that attended it and also some that contacted me via email afterwards. One of the most frequent questions I got was "how practical is it to implement a fuzzing acceleration framework?". Following up on that I decided to write a short post on the practical considerations of implementing an accelerated fuzzing framework by using DBI.
Some of the material in this post is based on one such Q&A discussion that I had with Peter Van Eeckhoutte (@corelanc0d3r) and published with his gracious permission.

Introduction to fuzzing acceleration via checkpointing

This section is aiming to provide a quick introduction to the subject. If you're familiar you can jump to the next section - practical implementation considerations.
If you're unfamiliar the concept of fuzzing acceleration via checkpointing and restoration the following slide from my HITB Amsterdam presentation provides an overview:

Friday, June 1, 2012

HITB Amsterdam 2012 Materials

Hi All!
HITB Amsterdam was an awesome conference. I hope you enjoyed it as much as I did. Thanks to all the organizers - you did an awesome job! Also thanks to everyone that attended my presentation you were a great audience, albeit sometimes quiet (shocked?!). :-)

Following HITB I wanted to make sure all of you know where to get the materials if you need those. The presentation is here, the source code for the pintool examples can be found here. If you are looking for more explanations of each of the code samples see this post.

Recently I've had a lot of discussions with people that attended the presentation in Amsterdam and with others regarding check-pointing techniques. Mostly for the sake of using check-pointing to perform high speed fuzzing but for various other usages as well. Since this seems like a topic that interests many people I've decided to write a blog post to detail some of the practical considerations implementing such systems. Look forward to this post soon.
If you'd like to request a post on a specific topic feel free to let me know what it is, though I make no promises...


Wednesday, May 23, 2012

Rebirth / Getting ready to HITB Amsterdam 2012

Hi all,
After a long period of not posting I'm finally back. A lot has happened in this period but most importantly I got married to my gorgeous wife Sonia. Due to the marriage preparations and some changes at work I didn't spare much time for personal research and publications. I currently have about five incomplete research projects. I am not going to make promises that I might not keep but I definitely plan to resume writing here and publishing new research in conferences.

I'll be giving a special edition of my instrumentation workshop in HITB Amsterdam on 24/May (known as a lab session in HITB speak). After learning a lot from the previous times I presented about instrumentation and improving my material I seriously believe that this will be the best edition ever. My only regret was that I had to cut down a lot of material due to the two hour presentation time. Normally people have trouble creating enough material for a two hour presentation so I guess I should count myself lucky. I've got a lot of goodness I want to put in and not enough time to talk about everything and show the demos.
Even so there is some awesome stuff included: automated vulnerability detection & prevention, fuzzing acceleration techniques, program visualization (good for anomaly detection and similarity detection), covert debugging (practically a built-in feature in PIN) and an introduction automated exploitation.

If you're interested in automated exploitation look forward to my next conference talk, possibly in (if I'm ready by then). 

If you're attending HITB Amsterdam 2012 I hope you'll come listen. If not you're welcome to say "hi" (or share a beer) anytime - I'll be happy to meet anyone that reads what I write here.

Gal Diskin