- Goa'14
- Andy Davis
Paper Title
Fuzzing the easy way, using Zulu
Abstract
If you need to fuzz a binary protocol, where do you start? Maybe you capture the traffic using Wireshark and try to replicate it using your own Python script, adding in some mutation capabilities, or maybe you attempt to replicate the protocol by defining it using one of the many fuzzing frameworks (which can often be a steep learning curve). For many years I opted for the first approach and ended up with many bespoke fuzzing scripts that I had developed from scratch time and time again. After a while I decided that I could save myself and everyone else lots of time by developing a GUI-based, intuitive fuzzer that can proxy (then capture, mutate and replay) either ASCII or binary protocols in an easy and repeatable way. Zulu was born. This talk will describe the motivations behind the development of the tool, demonstrate why taking this approach is so easy to get you started in the world of fuzzing and discuss how Zulu has been successfully used to discover high profile bugs such as CVE-2012-0870.
Speaker Bio
Andy is Research Director at NCC Group. He has worked in the Information Security industry for over 20 years, performing a range of security functions throughout his career. Prior to joining NCC Group, Andy held the positions of Head of Security Research at KPMG, UK and Chief Research Officer at IRM Plc. Before working in the private sector he worked for ten years performing various roles in Government. Recently, Andy has been leading security research projects into technologies such as embedded systems and hardware interface technologies and developing new techniques for software vulnerability discovery. Andy regularly presents at conferences such as Black Hat, DEF CON, CanSecWest, Infiltrate and EUSecWest.