CERN Computing Seminar

Effective Fuzzing: From Noise to SIGSEGV

by Shawn Denbow (Microsoft Corp.)

31/3-004 - IT Amphitheatre (CERN)

The term "fuzzing" was coined in the late 1980s as part of a class project at the University of Wisconsin. The goal of the project was to test the reliability of Unix programs by providing randomized inputs and monitoring for abnormal behavior. Since then, fuzzing has taken off as one of the foremost ways to uncover bugs in software of all forms.

In this talk, we'll take a brief tour of the history of fuzzing and look at how it has evolved. We'll discuss the various techniques developed along the way and learn to apply them in an effective and efficient manner. I'll provide insight into my experiences with fuzzing and finish the presentation with details and a demo of a tool I developed to bring coverage-guided fuzzing to the MS Windows kernel.

About the speaker

Shawn Denbow is currently a software engineer on Microsoft's Base Platform Technologies team. Previously he worked as a security engineer on Microsoft's Platform Security & Vulnerability Research team, helping to secure Hyper-V. His main interests are application security, reverse engineering and virtualization security. Before joining Microsoft, Shawn spent 4 years in the U.S. Air Force conducting cyber operations.