Dailydave mailing list archives
Cloud fuzzing.
From: Dave Aitel <dave () kof immunityinc com>
Date: Wed, 13 May 2009 02:12:48 -0400
Today at SyScan Ben Nagy of COSEINC gave a talk on a fuzzing cluster he's built that does 1.2 million fuzz cases a day against Word 2007. As he mentioned, as software gets better, the problem shifts from fuzz case generation to crash analysis. If you're generating 200K crashes a day, you need to figure out which ones are "interesting". In the long run, the only answer is a program that writes real exploits. Only then can you say for sure something is "interesting". He's using !exploitable for WinDBG to get an approximation of the problem. It's a talk full of real metrics. 72 VM's doing Word 20 test cases run a second 10% cause crashes or so. Most of those are unexploitable (he had numbers, but I forget them), according to !exploitable. A small percentage say they are possibly exploitable, and out of those, largely false positives. The problem of fuzzing is exponential, but if you architect your fuzzer right, you can scale linearly with your budget. Perhaps your budget also grows exponentially? :> The problems for the future are interesting. Classification of potential exploitability is a problem that involves diffing program runs, examining programs deeply for structure and behavior, and all this has to scale up with your 200K cases a day. -dave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Cloud fuzzing. Dave Aitel (May 13)
- Re: Cloud fuzzing. Matt Oh (May 13)
- Re: Cloud fuzzing. Dave Aitel (May 13)
- Re: Cloud fuzzing. Billy Lee (May 14)
- Re: Cloud fuzzing. Dave Aitel (May 13)
- Re: Cloud fuzzing. Ben Nagy (May 22)
- Re: Cloud fuzzing. Matt Oh (May 13)