Practical File Format Fuzzing

DerbyCon 3.0 - All In The Family

Presented by: Jared Allar
Date: Sunday September 29, 2013
Time: 09:00 - 09:50
Location: Track 3
Track: Teach Me

File format fuzzing has been very fruitful at discovering exploitable vulnerabilities. Adversaries take advantage of these vulnerabilities to conduct spear-phishing attacks. This talk will cover the basics of file format fuzzing and show you how to use CERT’s fuzzing frameworks to discovery vulnerabilities in file parsers. http://www.cert.org/vuls/discovery/

Jared Allar

Jared Allar is a vulnerability analyst within the CERT Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Jared Allar has done large-scale vulnerability coordination work for vulnerabilities that have affected hundreds of software vendors. Most notably, he has coordinated vulnerabilities discovered by HD Moore related to VxWorks and libupnp. When not coordinating vulnerabilities, he helps test and improve CERT’s fuzzing frameworks.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats