File format fuzzing has been very fruitful at discovering exploitable vulnerabilities. Adversaries take advantage of these vulnerabilities to conduct spear-phishing attacks. This talk will cover the basics of file format fuzzing and show you how to use CERT’s fuzzing frameworks to discovery vulnerabilities in file parsers. http://www.cert.org/vuls/discovery/
Jared Allar is a vulnerability analyst within the CERT Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Jared Allar has done large-scale vulnerability coordination work for vulnerabilities that have affected hundreds of software vendors. Most notably, he has coordinated vulnerabilities discovered by HD Moore related to VxWorks and libupnp. When not coordinating vulnerabilities, he helps test and improve CERT’s fuzzing frameworks.