Nowadays fuzzing is a pretty common technique used both by attackers and software developers. Currently known techniques usually involve knowing the protocol/format that needs to be fuzzed and having a basic understanding of how the user input is processed inside the binary. In the past since fuzzing was little-used obtaining good results with a small amount of effort was possible.
Today finding bugs requires digging a lot inside the code and the user-input as common vulnerabilities are already identified and fixed by developers. This paper will present an idea on how to effectively fuzz with no knowledge of the user-input and the binary. Specifically the paper will demonstrate how techniques like code coverage, data tainting and in-memory fuzzing allow to build a smart fuzzer with no need to instrument it.