We describe our experience with a system designed to select optimal input seed candidates for software fuzz testing from large sample corpora with minimal initial investment of effort. Model inference assisted fuzzing has excelled at identifying vulnerabilities in software parsing highly structured input data, we describe how to achieve comparable results without the requisite grammar and at far reduced setup cost. Our technique applies set cover minimisation to sample corpora, combined with feedback driven mutation using using sub-instruction profiling. We intend to demonstrate a number of high profile vulnerabilities uncovered using this technique.

(The title is derived from the observation that major research into fuzzing is leaning towards making fuzzers more intelligent, and giving them greater understanding of the protocol and target they’re attacking. We argue that this is the wrong direction, and demonstrate how software can be made “dumber” generically, essentially making very naive fuzzing as effective as more expensive (in terms of development effort) fuzzers).

About Tavis Ormandy

TBC