In this session I present the technical side of that research: the different analyses that can be performed to uncover unexpected behaviors. When fuzzed applications don’t crash, you can still potentially find more than 20 different types of issues. This talk demonstrates the capabilities of differential fuzzing with practical examples that identify which undocumented functions could allow OS command execution, when sensitive file contents may be partially exposed in error messages, how native code is being unexpectedly interpreted – locally and remotely – and when constants’ names could be used as regular strings for OS command execution. Additional undisclosed vulnerabilities will be shown throughout the talk to illustrate how to find more issues.
This talk will also include a new special release of the fuzzer.