[Dailydave] Cloud fuzzing.
Matt Oh
oh.jeongwook at gmail.com
Wed May 13 03:42:20 EDT 2009
Nagy works at COSEINC? He was my former colleague :)
Anyway, I'm just curious whether he was doing format-aware fuzzing or just brute
forcing all the bytes and dwords of the file. In the previous case, the FP
rate will drop drastically compared to the second one.
On Tue, May 12, 2009 at 11:12 PM, Dave Aitel <dave at kof.immunityinc.com> wrote:
> Today at SyScan Ben Nagy of COSEINC gave a talk on a fuzzing cluster
> he's built that does 1.2 million fuzz cases a day against Word 2007.
> As he mentioned, as software gets better, the problem shifts from fuzz
> case generation to crash analysis. If you're generating 200K crashes a
> day, you need to figure out which ones are "interesting".
>
> In the long run, the only answer is a program that writes real
> exploits. Only then can you say for sure something is "interesting".
> He's using !exploitable for WinDBG to get an approximation of the
> problem. It's a talk full of real metrics.
>
> 72 VM's doing Word
> 20 test cases run a second
> 10% cause crashes or so.
> Most of those are unexploitable (he had numbers, but I forget them),
> according to !exploitable.
>
> A small percentage say they are possibly exploitable, and out of
> those, largely false positives.
>
> The problem of fuzzing is exponential, but if you architect your
> fuzzer right, you can scale linearly with your budget. Perhaps your
> budget also grows exponentially? :>
>
> The problems for the future are interesting. Classification of
> potential exploitability is a problem that involves diffing program
> runs, examining programs deeply for structure and behavior, and all
> this has to scale up with your 200K cases a day.
>
> -dave
--
-matt