Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework

DerbyCon 8.0 - Evolution

Presented by: Joe Rozner
Date: Friday October 05, 2018
Time: 14:00 - 14:25
Location: Kentucky C & D
Track: Stable

Fuzzers have played an important role in the discovery of reliability and security flaws in software for decades. They have allowed for test case generation at a rate impossible by hand and the creation of test cases humans may never conceive of. While there are many excellent fuzzers available, most are designed for mutating source files or input in random ways and attempting to discover edge cases in the handling of them. Some others are designed with structured input in mind and use grammars to more strategically generate and mutate possible inputs that adhere to the format defined. These specifically are the ones we care about for the goals of identifying differences between multiple implementations of a single language, finding bugs in parse tree generation/handling of tokens, and handling of the data at runtime once it has been successfully lexically and syntactically analyzed. We’ll look at some of the shortcomings of existing fuzzers and discuss the implementation for a new platform designed to make fuzzer creation easier, with the goal of being able to utilize grammars from the implementations of the languages themselves.
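The grammar-driven, differential approach the abstract describes, as an added Python example that is not part of the talk or of Synfuzz: a small hand-written grammar drives input generation, and every generated input is run through two implementations (Python's own evaluator as the reference, and a hypothetical `naive_eval` with a constructed associativity bug) so that disagreements surface as candidate parse-handling bugs. The grammar, `naive_eval` and `differential_fuzz` are assumptions made for illustration.

```python
import random
# Toy right-recursive grammar, constructed for this example (an assumption;
# the talk proposes reusing the grammars of real language implementations).
GRAMMAR = {
    "expr": [["factor"], ["factor", "+", "expr"], ["factor", "-", "expr"]],
    "factor": [["num"], ["(", "expr", ")"]],
    "num": [["1"], ["2"], ["3"], ["7"]],
}

def generate(symbol, rng, depth=0, max_depth=5):
    """Random derivation; past max_depth take the first (shortest) alternative."""
    if symbol not in GRAMMAR:
        return symbol
    alts = GRAMMAR[symbol]
    rule = alts[0] if depth >= max_depth else rng.choice(alts)
    return "".join(generate(s, rng, depth + 1, max_depth) for s in rule)

def naive_eval(src):
    """Hypothetical second implementation: mirrors the right recursion of the
    grammar literally, so "1-2-3" is grouped as 1-(2-3). Constructed bug."""
    pos = 0
    def expr():
        nonlocal pos
        left = factor()
        if pos < len(src) and src[pos] in "+-":
            op, pos = src[pos], pos + 1
            right = expr()                      # right operand swallows the rest
            return left + right if op == "+" else left - right
        return left
    def factor():
        nonlocal pos
        if src[pos] == "(":
            pos += 1
            value = expr()
            pos += 1                            # consume ")"
            return value
        pos += 1
        return int(src[pos - 1])                # grammar yields single digits only
    return expr()

def differential_fuzz(n=200, seed=1):
    """Return generated inputs on which Python's evaluator and naive_eval disagree."""
    rng = random.Random(seed)
    found = []
    for _ in range(n):
        s = generate("expr", rng)
        if eval(s, {"__builtins__": {}}, {}) != naive_eval(s):
            found.append(s)
    return found
```

Every reported input contains a subtraction followed by another operator at the same nesting level, which is exactly the associativity the naive implementation gets wrong.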

Joe Rozner

Joe is an engineer at Prevoty where he has built semantic analysis tools, language runtimes, generalized solutions to common vulnerability classes, and designed novel integration technology leveraging runtime memory patching and instrumentation. He has a passion for reverse engineering, exploitation, teaching, and sharing research with others.

