Hey kids, do you like finding bugs in software?? Then you'll love fuzzing!! Fuzzing is the art and science of feeding random data to a program to see how it reacts and hopefully find exploitable weaknesses. It has become all the rage in vulnerability research lately but it's hard to figure out where to start. What kinds of fuzzers are out there? What makes a program a good target for fuzzing? What can I do to improve my fuzzing results? This talk will discuss these issues and more. This is intended to be a gentle introduction to the topic so noobs are welcome! It can however be a somewhat advanced topic so be ready to veer briefly into operating system internals, debuggers, etc.