Hacking Greybox Fuzzers to Spot Vulnerabilities in Software

Type:

Master Praktikum

Semester:

Summer Semester 2018

Language:

English

Preliminary Meeting:

Thursday 07.02.2018, 11.00, Alonzo Church, 01.09.018

Lecturer:

Prof. Dr. Alexander Pretschner

Saahil Ognawala

LvNr:

Links:

TumOnline, Moodle

Contact:

Saahil Ognawala

Max. Number of participants

12

Pre-requisites

A background in software testing or software engineering is desirable. 

Content

As today's software grows rapidly in size, so does the possibility of vulnerabilities in it, security-related or otherwise. Fortunately for security professionals, the automated vulnerability management tools at our disposal have also seen significant progress in the past few decades. However, these tools still have a long way to go to catch up with the growing complexity of multi-component software and the crafty crackers in the wild. As of now, we mainly consider two vulnerability discovery techniques: whitebox fuzzing and blackbox fuzzing.

Whitebox fuzzing (or symbolic execution) is a powerful way to analyze programs by executing them with "symbolic" values instead of concrete values and exploring as many paths as possible. It is also useful for generating inputs (exploits) that lead to potential vulnerabilities in a program. Blackbox fuzzing is a smart variation of random testing that takes a few manually provided inputs and mutates them to trigger previously unseen behaviour in the program. However, whitebox fuzzing suffers from path explosion and constraint-solving issues, while blackbox fuzzing is infamous for low coverage because it cannot pass "hard" conditional statements in programs.
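To make the coverage limitation concrete, here is a small added example (not part of the course description and not one of the lab's tools): a toy coverage-guided mutational fuzzer run against a constructed target function. The target has two "easy" single-bit conditions, which the fuzzer passes quickly because each one is satisfied by half of all byte values and coverage feedback keeps the inputs that reach them, and one "hard" 4-byte magic comparison, which mutation alone essentially never satisfies because a partial match earns no feedback. The target, the branch IDs and the seed input are all constructed for this illustration.

```python
import random

# Constructed toy target: a "parser" with two easy single-bit checks and one
# hard 4-byte magic comparison. Every branch taken records an ID in `trace`
# so that coverage can be measured the way a greybox fuzzer would.
def target(data: bytes, trace: set) -> None:
    trace.add("entry")
    if len(data) < 8:
        trace.add("too_short")
        return
    if data[0] & 0x80:                 # easy: half of all byte values pass
        trace.add("flag_set")
        if data[1] & 0x01:             # easy, nested: reachable once the outer branch is kept
            trace.add("odd_version")
            if data[4:8] == b"FUZZ":   # hard: 32 bits must match at once, no partial credit
                trace.add("magic_ok")

MUTATORS = ("flip_bit", "replace_byte", "insert_byte", "delete_byte")

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation, as a blackbox/greybox fuzzer would."""
    buf = bytearray(data)
    op = rng.choice(MUTATORS)
    if op == "flip_bit":
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == "replace_byte":
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == "insert_byte":
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == "delete_byte" and len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)

def greybox_fuzz(seed_inputs, iterations: int, rng_seed: int = 1):
    """Coverage-guided loop: a mutated child is added to the corpus only if it
    reaches a branch not seen before. Returns (covered branch IDs, corpus)."""
    rng = random.Random(rng_seed)
    corpus = list(seed_inputs)
    covered = set()
    for s in corpus:
        target(s, covered)
    for _ in range(iterations):
        parent = rng.choice(corpus)
        child = mutate(parent, rng)
        trace = set()
        target(child, trace)
        if trace - covered:            # new coverage: keep this input as a new parent
            covered |= trace
            corpus.append(child)
    return covered, corpus

def reached_hard_branch(iterations: int = 5000) -> bool:
    covered, _ = greybox_fuzz([b"\x00" * 8], iterations)
    return "magic_ok" in covered

def reached_easy_branches(iterations: int = 5000) -> bool:
    covered, _ = greybox_fuzz([b"\x00" * 8], iterations)
    return "flag_set" in covered and "odd_version" in covered

if __name__ == "__main__":
    covered, corpus = greybox_fuzz([b"\x00" * 8], 5000)
    print("branches covered:", sorted(covered))
    print("corpus size:", len(corpus))
```

Running the loop with a few thousand iterations covers `flag_set` and `odd_version` but not `magic_ok`: each single-bit condition is hit with probability around 1/50 per iteration and the resulting input is kept, whereas the 4-byte comparison is a single branch that rewards no intermediate progress, so the mutator has to produce all 32 bits in one step. A whitebox approach would instead record the path constraint `data[4:8] == b"FUZZ"` while executing symbolically and hand it to a constraint solver, which returns a satisfying input directly; the price is that every conditional adds constraints and forks the path space, which is the path-explosion problem the text refers to.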

Objective of the Lab Course

In this practical course, we will aim to hack popular whitebox and blackbox fuzzers so that we may overcome their individual flaws and spot more vulnerabilities than before. Using our open-source tools (some of them developed in-house) and systematic instructions, participant teams will compete to find as many vulnerabilities as possible in as many vulnerable open-source programs as possible.