Knowing the UnFuzzed and Finding Bugs with Coverage Analysis

The rise in fuzzing has resulted in bugs getting found and fixed at an amazing rate. But it has raised some new questions: how do we find good fuzz targets quickly, and what is left to fuzz? Answering these questions requires tools and workflows that remain uncommon among software developers and security researchers alike, and one potential solution is automated coverage analysis.

This motivation drove the development of bncov, an open-source coverage analysis plugin for Binary Ninja that enables scripting and the construction of tools to help you get the most bang for your fuzz-buck.
