Hackfest 2020

Antonio Morales

Antonio Morales works as a security researcher at GitHub Security Lab, whose primary mission is to help improve Open Source project's security. Antonio's interests include fuzzing, code analysis, exploit development and C/C++ security.

Twitter: @Nosoynadiemas

The speaker's profile picture

Your twitter or other social network – @nosoynadiemas Which country are you from? – Spain


Advanced fuzzing workshop

In this workshop, I will cover some advanced fuzzing techniques and tricks for finding bugs in real modern software. I will show you how to improve your fuzzing workflow, using a methodology that can be easily applied to your software projects.

The workshop has a practical orientation so that attendees get a chance to learn by themselves and use their acquired knowledge. The format of the workshop will be a CTF (Capture-the-flag).

I will also show real vulnerabilities that I have found during the last year, as well as how I've used fuzzing to find them. Such bugs will serve as starting point for the rest of the workshop.

The CFT phase will be divided into 3 challenges:

  • Challenge 1: a review of the basic concepts
  • Challenge 2: focused on Network fuzzing
  • Challenge 3: focused on Custom mutators

I will give participants some hints and tips before and during each challenge. After each challenge, I will give participants a possible solution and I will explain it to them. In this way, participants will go through a learning-by-doing process

It's a medium-advanced level workshop, so previously knowledge about fuzzing and bug hunting is required.