Harder, Better, Faster, Stronger: Semi-Auto Vulnerability Research

Black Hat USA 2010

Presented by: Lurene Grenier, Richard Johnson
Date: Wednesday July 28, 2010
Time: 15:15 - 16:30
Location: Milano 1+2+3+4
Track: Programmatic

Much work has been presented in the past few years on bug discovery through fuzzing, from the feasibility of exhaustive generation fuzzing to the continued productivity of simple mutation fuzzing. This talk will assume that finding bugs is a foregone conclusion and will instead discuss the pre- and post-fuzzing process needed to efficiently analyze the vulnerabilities found in a given program to the point where exploitability is established with high confidence and exploitation can be handed off or undertaken in house. The process is driven by intelligent, analyst-directed automation, with a focus on the continued production of exploitable bugs with a minimum of wasted effort.
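As an added illustration of the post-fuzzing stage the abstract refers to (example code written for this page, not the speakers' tooling and not taken from the talk), the script below does the two things an analyst wants automated before touching a debugger: it deduplicates crashes by a stack hash that ignores allocator and libc frames, and it ranks each unique bucket with an exploitability heuristic in the spirit of !exploitable and CERT triage rules (PC control and write faults first, near-null reads last). The crash records, frame names, fault addresses and the NOISE_FRAMES set are constructed assumptions.

```python
"""Post-fuzzing crash triage: deduplicate by stack hash, rank by exploitability.

Example code for illustration; the crash records below are constructed, and
the heuristics are a simplified version of the rules used by !exploitable and
CERT's triage tools, not the tooling presented in the talk.
"""
import hashlib
from collections import defaultdict

# Frames that are usually the victim of a memory-safety bug rather than its
# cause; they are skipped when building the bucket key so that the same bug
# reached through memcpy vs. memset still lands in one bucket (assumption).
NOISE_FRAMES = {"malloc", "free", "realloc", "memcpy", "memset", "strlen",
                "abort", "raise", "__libc_message"}

SEVERITY = {"EXPLOITABLE": 3, "PROBABLY_EXPLOITABLE": 2,
            "UNKNOWN": 1, "PROBABLY_NOT_EXPLOITABLE": 0}


def stack_hash(frames, depth=3):
    """Bucket key: truncated SHA-1 of the top `depth` non-noise frames."""
    meaningful = [f for f in frames if f not in NOISE_FRAMES][:depth]
    return hashlib.sha1("|".join(meaningful).encode()).hexdigest()[:12]


def classify(crash):
    """Return (rating, reason) for one crash record.

    crash keys: signal, access ('read' / 'write' / 'exec' / None),
    fault_addr, pc, frames.
    """
    access = crash.get("access")
    fault = crash.get("fault_addr")
    pc = crash.get("pc")
    frames = crash.get("frames", [])
    # Instruction fetch from the faulting address means the PC was corrupted.
    if access == "exec" or (fault is not None and fault == pc):
        return "EXPLOITABLE", "instruction fetch from faulting address (PC control)"
    if access == "write":
        return "EXPLOITABLE", "write access violation"
    # An abort raised from inside the allocator usually means corrupted heap
    # metadata, which is worth an analyst's time even without a visible write.
    if crash.get("signal") == "SIGABRT" and any(
            f in ("malloc", "free", "realloc") for f in frames):
        return "PROBABLY_EXPLOITABLE", "allocator abort (heap metadata corruption)"
    if access == "read":
        if fault is not None and fault < 0x1000:
            return "PROBABLY_NOT_EXPLOITABLE", "near-null read (likely NULL dereference)"
        return "PROBABLY_EXPLOITABLE", "read access violation at non-null address"
    return "UNKNOWN", "no heuristic matched"


def triage(crashes):
    """Bucket crashes, rate each bucket by its worst member, sort worst-first."""
    buckets = defaultdict(list)
    for c in crashes:
        buckets[stack_hash(c["frames"])].append(c)
    report = []
    for key, members in buckets.items():
        rating, reason = max((classify(c) for c in members),
                             key=lambda r: SEVERITY[r[0]])
        report.append({"bucket": key, "count": len(members), "rating": rating,
                       "reason": reason, "example": members[0]["id"]})
    report.sort(key=lambda r: (-SEVERITY[r["rating"]], -r["count"]))
    return report


# Constructed sample crashes, as a fuzzing harness might log them (assumption).
CRASHES = [
    {"id": "crash-001", "signal": "SIGSEGV", "access": "write",
     "fault_addr": 0x41414141, "pc": 0x400ABC,
     "frames": ["memcpy", "parse_chunk", "parse_file", "main"]},
    {"id": "crash-002", "signal": "SIGSEGV", "access": "write",
     "fault_addr": 0x42424242, "pc": 0x400ABC,
     "frames": ["memset", "parse_chunk", "parse_file", "main"]},
    {"id": "crash-003", "signal": "SIGSEGV", "access": "read",
     "fault_addr": 0x8, "pc": 0x400DEF,
     "frames": ["get_header", "parse_file", "main"]},
    {"id": "crash-004", "signal": "SIGABRT", "access": None,
     "fault_addr": None, "pc": 0x7F00001234,
     "frames": ["raise", "abort", "__libc_message", "free",
                "release_node", "cleanup", "main"]},
    {"id": "crash-005", "signal": "SIGSEGV", "access": "exec",
     "fault_addr": 0x41414141, "pc": 0x41414141,
     "frames": ["0x41414141", "handle_record", "main"]},
]

if __name__ == "__main__":
    for row in triage(CRASHES):
        print(f'{row["rating"]:<24} x{row["count"]} bucket={row["bucket"]} '
              f'e.g. {row["example"]}: {row["reason"]}')
```

On the constructed sample the two write faults under parse_chunk collapse into one bucket at the top of the list, the PC-control crash comes next, the allocator abort is queued as probably exploitable, and the near-null read drops to the bottom, which is the ordering that keeps analyst time on the bugs most likely to be worth handing off.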

Lurene Grenier

Lurene Grenier manages the analyst/research team for the Sourcefire VRT and is an active developer on the Metasploit Framework team. Her primary research revolves around automating exploit development when paired with intelligent fuzzing frameworks. She is an expert in reverse engineering and has taught the skill to numerous well-known professional security teams. She was also responsible for the disassembly and patching of the high-profile Adobe Acrobat Reader JBIG2 0-day vulnerability.

Richard Johnson

