Menu

    This was FuzzCon Europe 2020

    FuzzCon Europe 2020 was a full success. Although we had to host the conference remotely due to Covid-19, we were happy to welcome over 1100 participants online. In case you missed the event or you want to rewatch certain keynotes, you can find the recordings of each presentation below. 


    Sergej Dechand

    Introduction & Fuzzing 101

    Sergej Dechand is not only the CEO and co-founder of Code Intelligence but also an expert with years of expierence in usable security at Frauenhofer FKIE.

    In the first part of this presentation, he kicks off FuzzCon Europe 2020 with a short overview of the event. In the second part he proceeds to give a detailed explanation of the characteristics of fuzzing and its most recent history.


    Matthew Smith

    Usability Issues  of Modern Fuzzers

    Matthew Smith is a professor at the university of Bonn, co-founder of Code Intelligence and a member of Frauenhofer FKIE. His research interest lies in the intersection of technical IT security and behavioural science.

    Presentation topics:

    • Introduction into usable security
    • A user study comparing static code analysis to fuzzing
    • Usability comparision of libfuzzer and CLANG 

    Marcel Böhme

    Fuzzing Challenges and Reflections

    Marcel Böhme is a senior lecturer at Monash University. During his time as a senior researcher at the TSUNAMi Security Research Centre in Singapore, he has conducted lots of research to improve the overall understanding of fuzzing.

    Presentation topics:

    • The need for automated vulnerability discovery
    • The reason for the recent surge of interest in fuzzing
    • The opportunities that fuzzing brings with it

    Christian Holler

    The Human Component in Automated Bug Finding

    Christian Holler, also known as decoder, is currently working as a Staff Security Engineer at Mozilla. He centred his talk around the cultural aspects that influence the acceptance of fuzzing.

    Presentation topics:

    • The Do's and Don'ts that can hurt or benefit the relationship between developers and testers
    • Approaches to improve this relationship
    • When to Fuzz

    Andreas Zeller

    Taming Fuzzers

    Andreas Zeller is a Professor at CISPA Helmoltz Center for Information Security with long-time experience in the field of fuzzing. In this talk he explained how to control a fuzzer to bend it to one's own will. 
     
    Presentation topics
    • Customizing Fuzzers
    • Controlling Fuzzers
    • Fuzzing with grammars
    • Fuzzing example in Format Fuzzer

    Sirko Höer

    Fuzzing Suricata - Finding Vulnerabilities in Large Projects

    Sirko Höer is a Vulnerability Expert at the German Federal Office for Information Security. He gained his experience in the field of fuzzing doing cybersecurity in the military-industry, but also at Code Intelligence. During his time at Code Intelligence, he tested the open source program Suricata.

    Presentation topics:

    • Methodology of Fuzzing Projects
    • The setup
    • Analysis 
    • The Fuzz Target
    • Which bugs were found?

     

    Rakshith Amarnath

    What's different about Fuzzing Automotive Software?

    Rakshith Amarnath is a project lead for R&D at Bosch Corporate Research. In this presentation he gave us a detailed overview of automotive fuzzing.

    Presentation topics:

    • Why fuzz automotive software?
    •  Main differences in automotive fuzzing
    • Solutions for automotive fuzzing

    Cornelius Aschermann & Sergej Schumilo

    Stateful Fuzzing with Snapshots

    These two young gentlemen are security researchers at Facebook and at Ruhr-University Bochum. In their talk, they set forth some interesting approaches on how to fuzz entire systems and not just selected targets.

    Presentation topics:

    • The architecture of structure-aware grey-box fuzzing
    • Interactive Targets
    • Specifying Test Scenarios
    • Interactive Specs

    Sebastian Pöplau

    Symbolic Execution - What's That and how to Make it Efficient

    Up until recently, Sebastian Pöplau, PhD, was working for the Software and Systems Security Group of Eurcom.  In this presentation, he mainly discussed symbolic execution and how it can be implemented alongside fuzzing. 

    Presentation topics:

    • What is Symbolic Execution and how can it complement Fuzzing?
    • SMT Solving
    • Comparison: Symbolic Execution vs Fuzzing
    • Tracing Computations

    Bhargava Shastry

    Fuzzing the Solidity Compiler

    Bhargava is a security engineer at the Etherum Foundation. In this presentation, he walked us through the challenges of fuzzing solidity compilers and how he modified libfuzzer to be able to test the code.

    Presentation Topics

    • Fuzz Testing in general
    • Fuzzing a compiler
    • Differential Fuzzing

    Khaled Yakdan

    CI Fuzz - Continuous Fuzzing of Network Services

    As Chief Scientist and Co-Founder of Code Intelligence, Khaled is very well acquainted with fuzzing. In this keynote he spoke about Code Intelligence's own fuzzing platform CI Fuzz.

    Presentation topics:

    • Setting up CI Fuzz
    • How does Fuzzing work?
    • Instrumentation
    • Practical examples

    Kostya Serebryany

    Top N Challenges of "Deep" Fuzzing

    As principal software engineer at Google, Kostya Serebryany is one of the pioneers when it comes to modern fuzzing. In this presentation, he discussed the challenges of deep fuzzing.

    Presentation topics:

    • Why deep fuzzing is not the most important
    • Guided fuzzing
    • Execution
    • Different kinds of mutations

    Caroline Lemieux

    Expanding the Reach of Fuzzing

    As a Security Researcher at UC Berkeley, Caroline Lemieux has worked on many different fuzzers. In this presentation, she explained the important characteristics of coverage-guided fuzzing, using the example of several known fuzzers. 

    Presentation topics:

    • Basics of Coverage-guided fuzzing
    • Generator-based fuzzing
    • Fair-Fuzz
    • Perf-Fuzz
    • Fuzz-Factory
    • JQF/Zest