DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2...

18
CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes) Version 1.0 Fuzzing FTW DEF CON 26

Transcript of DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2...

Page 1: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes) Version 1.0

Fuzzing FTW

DEF CON 26

Page 2: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

Newest Slides & Other Training Materials

The newest slides & other training materials for this workshop are on GitHub at:

● https://github.com/cno-io/fuzzing_ftw

#
#
#
#
Page 3: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

Who Are We?

● Kevin Lustic - Red Team Lead at Adobe DX● Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services

#
#
#
#
Page 4: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

Overview

#
#
#
#
Page 5: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

Fuzzing ProcessOverview

Fuzzing Process Overview:

● Acquire Knowledge● Instrumentation● Delivery● Generation● Scale● Repeat!

#
#
#
#
Page 6: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

#1 Acquire KnowledgeFuzzing Process

Just enough to do some effective fuzzing, do not over think it.

● Prior Research● Stack Overflow● Documentation● Code Review● Reverse Engineering● Etc...

#
#
#
#
Page 7: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

#2 Instrumentation Fuzzing Process

How will we know when the process has crashed?

#
#
#
#
Page 8: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

#3 Delivery Fuzzing Process

How will we get our fuzzed payloads to the target?

#
#
#
#
Page 9: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

#4 Generation Fuzzing Process

How will we generate new fuzzed payloads?

#
#
#
#
Page 10: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

#5 ScaleFuzzing Process

How will we scale this fuzzing operations?

#
#
#
#
Page 11: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

#6 Repeat! Fuzzing Process

Get a minimal viable fuzzing operations underway ASAP, then come back to each of these steps and progressively improve the operation over time.

#
#
#
#
Page 12: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

Hands-On Labs

#
#
#
#
Page 13: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

Blind Fuzzingwith RadamsaHands-On Lab...

#
#
#
#
Page 14: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

Function Fuzzing with libFuzzerHands-On Lab...

#
#
#
#
Page 15: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

File Fuzzingwith AFLHands-On Lab...

#
#
#
#
Page 16: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

Network Fuzzingwith BooFuzz (Sulley)Hands-On Lab...

#
#
#
#
Page 17: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

API Fuzzing with BradamsaHands-On Lab...

#
#
#
#
Page 18: DEF CON 26 Hacking Conference CON 26/DEF CON 26 workshops/DEF C… · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

Thank you!

● CNO.io○ https://github.com/cno-io/fuzzing_ftw

#
#
#
#

Bryce 0001

Bryce 0001

Carolina panthers Bryce H. and Bryce J.

Carolina panthers Bryce H. and Bryce J.

Bryce & Zion Canyons - Country Walkers · Bryce Canyon’s rim and a crystalline night sky. You gather for dinner at the rustic-yet-elegant main lodge. Bryce Canyon Lodge, Bryce Canyon

Bryce & Zion Canyons - Country Walkers · Bryce Canyon’s rim and a crystalline night sky. You gather for dinner at the rustic-yet-elegant main lodge. Bryce Canyon Lodge, Bryce Canyon

Kunz Sibylle

Kunz Sibylle

Kunz ul clear copy

Kunz ul clear copy

Takemitsu - Bryce

Takemitsu - Bryce

Votre programme détaillé · Bryce Canyon National Park ©Miguel Vaca Bryce Canyon Jour 5 Kanab – Bryce Canyon – Las Vegas Traversée de prairies en direction de Bryce Canyon,

Votre programme détaillé · Bryce Canyon National Park ©Miguel Vaca Bryce Canyon Jour 5 Kanab – Bryce Canyon – Las Vegas Traversée de prairies en direction de Bryce Canyon,

Inh Jahresbericht07 vh - phzh.ch · Amuat Michelina Anastasia Nicole Angst René Angst Ursina ... Kümin André Kunz Martin Kunz Ruth Kunz Sibylle Künzli ... Bélet Brigitte Maag-Visentin

Inh Jahresbericht07 vh - phzh.ch · Amuat Michelina Anastasia Nicole Angst René Angst Ursina ... Kümin André Kunz Martin Kunz Ruth Kunz Sibylle Künzli ... Bélet Brigitte Maag-Visentin

Bullet’s Four Front Defense Aaron Kunz kunz@wcusd15.org.

Bullet’s Four Front Defense Aaron Kunz [email protected].

Serverausfallsicherheit Christian Lindemann & Andre Kunz.

Serverausfallsicherheit Christian Lindemann & Andre Kunz.

by Dorothy Kunz Dearden

by Dorothy Kunz Dearden

Wärmepumpen und Kältetechnik III - Kunz Beratungen · 2015. 5. 19. · Wärmepumpen und Kältetechnik III Bauteile Stand 2007 Kunz - Beratungen Peter Kunz Fuchshalde 15 8305 Dietlikon

Wärmepumpen und Kältetechnik III - Kunz Beratungen · 2015. 5. 19. · Wärmepumpen und Kältetechnik III Bauteile Stand 2007 Kunz - Beratungen Peter Kunz Fuchshalde 15 8305 Dietlikon

Bryce Tutorial

Bryce Tutorial

Bryce alonso.ppt

Bryce alonso.ppt

Kennisatelier - Kelly Kunz - Cyberghost - "Friendscard"

Kennisatelier - Kelly Kunz - Cyberghost - "Friendscard"

kunz fenomenologia, movimiento humano

kunz fenomenologia, movimiento humano

HCF 2016: Erika Kunz

HCF 2016: Erika Kunz

Bryce Cline

Bryce Cline

Digitalisierung am POS oder wie Online die Innovation im … · 2016. 8. 28. · 03:38 Solang mis Härz no schlohd Kunz 03:50 Sommerchind Kunz 02:48 Kunz 03:15 Ech schwör Kunz 02:48

Digitalisierung am POS oder wie Online die Innovation im … · 2016. 8. 28. · 03:38 Solang mis Härz no schlohd Kunz 03:50 Sommerchind Kunz 02:48 Kunz 03:15 Ech schwör Kunz 02:48

Hoodoos at Bryce Canyon - npshistory.com...National Park Service U.S. Department of the Interior Bryce Canyon National Park Bryce Canyon, Utah Hoodoos at Bryce Canyon Please note:

Hoodoos at Bryce Canyon - npshistory.com...National Park Service U.S. Department of the Interior Bryce Canyon National Park Bryce Canyon, Utah Hoodoos at Bryce Canyon Please note: