CanSecWest 2024

Presentations

From March 20 to 22

Marc Schoenefeld Robert Yuen Marc Schoenefeld Robert Yuen

Successfully Fuzzing High Value Targets with Low tech Strategies

In our talk we present our approach to apply low-tech fuzzing to pursue bug finding in high profile software products. For example well-chosen corpus computed ahead of time can be as powerful as collecting coverage data while fuzzing. Also threshold information such as meta-data tipping points can allow to fine tune bug hunting campaigns. Which means the applied techniques can be supplemental, and by replacing one with the other, bugs would still be found, while aiming for simplicity in the harness setup.

Read More