Practical File Format Fuzzing - Jared Allar Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)
Practical File Format Fuzzing - Jared Allar
Derbycon 2013

Description: File format fuzzing has been very fruitful at discovering exploitable vulnerabilities. Adversaries take advantage of these vulnerabilities to conduct spear-phishing attacks. This talk will cover the basics of file format fuzzing and show you how to use CERT’s fuzzing frameworks to discovery vulnerabilities in file parsers. http://www.cert.org/vuls/discovery/

Bio:Jared Allar is a vulnerability analyst within the CERT Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Jared Allar has done large-scale vulnerability coordination work for vulnerabilities that have affected hundreds of software vendors. Most notably, he has coordinated vulnerabilities discovered by HD Moore related to VxWorks and libupnp. When not coordinating vulnerabilities, he helps test and improve CERT’s fuzzing frameworks.

Back to Derbycon 2013 video list



If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek