Software Engineering Institute | Carnegie Mellon University

Digital Library

White Paper

0-knowledge fuzzing

  • Abstract

    Nowadays fuzzing is a fairly common technique, used both by attackers and by software developers. Currently known techniques usually involve knowing the protocol or format that needs to be fuzzed and having a basic understanding of how the user input is processed inside the binary. In the past, since fuzzing was little used, obtaining good results with a small amount of effort was possible.

    Today, finding bugs requires digging deep into both the code and the user input, as the common vulnerabilities have already been identified and fixed by developers. This paper presents an idea on how to fuzz effectively with no knowledge of the user input or the binary. Specifically, the paper demonstrates how techniques such as code coverage, data tainting and in-memory fuzzing make it possible to build a smart fuzzer with no need to instrument the target.