MICHAEL EDDINGTON Advanced Fuzzing with Peach 2.

Slides:



Advertisements
Similar presentations
Fuzzing for logic and state issues
Advertisements

Lecture 12: MapReduce: Simplified Data Processing on Large Clusters Xiaowei Yang (Duke University)
INTRODUCTION TO SIMULATION WITH OMNET++ José Daniel García Sánchez ARCOS Group – University Carlos III of Madrid.
Introduction to .NET Framework
Good afternoon. My name is Marek Pawłowski
Software Frame Simulator (SFS) Technion CS Computer Communications Lab (236340) in cooperation with ECI telecom Uri Ferri & Ynon Cohen January 2007.
Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Parallelized Evolution System Onur Soysal, Erkin Bahçeci Erol Şahin Dept. of Computer Engineering Middle East Technical University.
SIMULATING ERRORS IN WEB SERVICES International Journal of Simulation: Systems, Sciences and Technology 2004 Nik Looker, Malcolm Munro and Jie Xu.
Network Management: SNMP
1 MASTERING (VIRTUAL) NETWORKS A Case Study of Virtualizing Internet Lab Avin Chen Borokhovich Michael Goldfeld Arik.
QWise software engineering – refactored! Testing, testing A first-look at the new testing capabilities in Visual Studio 2010 Mathias Olausson.
Antigone Engine Kevin Kassing – Period
Database System Concepts and Architecture Lecture # 3 22 June 2012 National University of Computer and Emerging Sciences.
Committed to Deliver….  We are Leaders in Hadoop Ecosystem.  We support, maintain, monitor and provide services over Hadoop whether you run apache Hadoop,
Presentation By Anil Kumar Marikukala, Syed Khaja Najmuddin Ahmed.
Zhonghua Qu and Ovidiu Daescu December 24, 2009 University of Texas at Dallas.
COMP 410 & Sky.NET May 2 nd, What is COMP 410? Forming an independent company The customer The planning Learning teamwork.
MapReduce: Simplified Data Processing on Large Clusters Jeffrey Dean and Sanjay Ghemawat.
Node Mentoring Workshop “Sharing What We Node” Middleware Breakout Session.NET New Orleans, Louisiana February 9-10, 2004.
1 Abstracting the Content of System Call Traces Waseem Fadel Abdelwahab Hamou-Lhadj Department of Electrical and Computer Engineering Concordia University.
CS 390- Unix Programming Environment CS 390 Unix Programming Environment Topics to be covered: Distributed Computing Fundamentals.
COMS E Cloud Computing and Data Center Networking Sambit Sahu
MapReduce How to painlessly process terabytes of data.
Google’s MapReduce Connor Poske Florida State University.
9 September 2008CIS 340 # 1 Topics reviewTo review the communication needs to support the architectures variety of approachesTo examine the variety of.
PI Data Archive Server COM Points Richard Beeson.
A Brief Documentation.  Provides basic information about connection, server, and client.
GreenBus Extensions for System-On-Chip Exploration.
4/19/20021 TCPSplitter: A Reconfigurable Hardware Based TCP Flow Monitor David V. Schuehler.
Lecture 18: Object-Oriented Design
SOAP-based Web Services Telerik Software Academy Software Quality Assurance.
Dom and XSLT Dom – document object model DOM – collection of nodes in a tree.
CSI 3125, Preliminaries, page 1 SERVLET. CSI 3125, Preliminaries, page 2 SERVLET A servlet is a server-side software program, written in Java code, that.
Marcelo R.N. Mendes. What is FINCoS? A set of tools for data generation, load submission, and performance measurement of CEP systems; Main Characteristics:
Lecture 4 Mechanisms & Kernel for NOSs. Mechanisms for Network Operating Systems  Network operating systems provide three basic mechanisms that support.
Jorke Odolphi Product Technology Specialist WebCentral Using Microsoft Operations Manager To Monitor And Maintain Your Farm.
Implementation of Embedded OS Lab5 Real-time Programming on μ C/OS-III.
DEV332 Programming for the Middle Tier in Visual Basic.NET Billy Hollis Author / Consultant.
MapReduce: Simplified Data Processing on Large Clusters By Dinesh Dharme.
DataLines a framework for building steaming data applications Mike Haberman Senior Software/Network Engineer
A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler.
Copyright 2007, Information Builders. Slide 1 iWay Web Services and WebFOCUS Consumption Michael Florkowski Information Builders.
Fuzzing And Oracles By: Thomas Sidoti. Overview Introduction Motivation Fuzzable Exploits Oracles Implementation Fuzzing Results.
+ Support multiple virtual environment for Grid computing Dr. Lizhe Wang.
Mandatory Assignment INF3190. Part 1: Client-server communication via TCP Develop a client-server application in C which allows a client to send UNIX.
Learn. Hadoop Online training course is designed to enhance your knowledge and skills to become a successful Hadoop developer and In-depth knowledge of.
Csinparallel.org Workshop 307: CSinParallel: Using Map-Reduce to Teach Parallel Programming Concepts, Hands-On Dick Brown, St. Olaf College Libby Shoop,
I Copyright © 2004, Oracle. All rights reserved. Introduction.
Implementation of Classifier Tool in Twister Magesh khanna Vadivelu Shivaraman Janakiraman.
Master Service Orchestrator (MSO)
TOPIC: Web Application Firewall & Fuzzers
Introduction to Distributed Platforms
Sabri Kızanlık Ural Emekçi
Applying Control Theory to Stream Processing Systems
Node.js Express Web Services
Spark Presentation.
Controlling a large CPU farm using industrial tools
Software Design and Architecture
Introduction to Information Security
Hierarchical Architecture
Unit Test Pattern.
AGENT OS.
CS110: Discussion about Spark
IS 4506 Server Configuration (HTTP Server)
Introduction to Apache
RM3G: Next Generation Recovery Manager
Technical Capabilities
SLAC monitoring Web Services
Nolan Leake Co-Founder, Cumulus Networks Paul Speciale
Presentation transcript:

MICHAEL EDDINGTON Advanced Fuzzing with Peach 2

Agenda Introduction to Peach 2 Data mutations Peach State Machine Peach Farm Peach in The Middle

Introduction to Peach 2

Peach 1 Framework for writing fuzzers Instrumentation via wrapper APIs No data definition layer (DDL), just fuzzer Steep learning curve Complex fuzzers result in complex fuzzer code

Peach 2 Reduce creation time and simplify fuzzer generation Fuzzer platform, not framework Modeling based approach Fault detection Lower learning curve

Modeling Based Fuzzing Model types and data Model state machine Support models with data sets Mutate models with mutators

Model Data: Types INT Flags INT Len INT Len STRING DATA INT Len INT Len INT DATA

Model Data: Relationships INT Flags INT Len INT Len STRING DATA INT Len INT Len INT DATA

Model Data: State Model Packet A Packet B-1 Packet C-1 Packet C-2 Packet D Packet B-2 Packet B-2

Benefits of Modeling Easy reuse of definitions Complex mutations can be applied to a model Improvements to data generation or mutation independent of model Data read into definition as well as generated

Data Modeling Define structure of data Define relations in data Reuse definitions Block Sequence Choice String Number Flags/Flag Blob Relation Transformer

State Modeling

Stream Call TCP, UDP, Files Connect Accept Input Output Close COM, RPC, SOAP Call  Method  Parameters  Result State Modeling

State Modeling: Stream State Machine State 1 Connect Output Input Output Change State State 2 Input Output Input Output Change State State 3 Input Output Input Close

State Modeling: Stream State Machine State 1 Accept Output Input Output Change State State 2 Input Output Input Output Change State State 3 Input Output Input Close

State Modeling: Stream State Machine State 1 Connect Output Input Close Change State State 2 Connect Output Input Output Change State State 3 Input Output Input Close

State Modeling: Call State Machine State 1 Start Call Change State State 2 Call Stop

Data Mutations

Mutation: String ?k1=v+1& k2=v2 “?k1=v+1&k2=v2” 40,000+ variations

Mutation: Number 00 Interesting Edge Cases FFFFFFFFFFFFFFFF

Mutation: Size Relation #1 Length: Data: 200 Bytes 200

Mutation: Size Relation #2 Length: Data: 200 Bytes 200

Mutation: Size Relation #3 Data & Length: 00 FFFFFFFFFFFFFFFF

Mutation: State Packet A Packet B-1 Packet C-1 Packet C-2 Packet D Packet B-2 Packet B-2

Mutation: State Packet A Packet B-1 Packet D Packet B-2 Packet B-2

Mutation: State Packet A Packet B-1 Packet D Packet B-2 Packet B-2

Add Custom Mutators Sling some Python Add additional mutations Specific mutations Etc.

AND DATA COLLECTION Fault Detection

Agents & Monitors Peach Agent Debugger Monitor Peach Agent Debugger Monitor Peach Agent Debugger Monitor Peach Agent Network Capture Peach

2 Tier Configuration Agent 1 Debugger Target Network Capture Agent 2 Debugger Backend Network Capture Peach Engine Agent Manager Logging

Monitors Debuggers Process Monitor Memory Monitor Network Capture VM Control (snapshot, revert) Networked Power Strips (cycle power) Easy to implement custom monitors

Peach Development

Documented XML Schema

Peach Builder

Peach Shark

MASSIVELY PARALLEL FUZZING Peach Farm

Adam Cecchetti Massively Parallel Fuzzing  Scales from 1 to 10,000 nodes Choose your Virtual Platform/Hosting  EC2, Xen, VMWare, Etc Utilizes Map/Reduce Algorithm  Map: Maps the fuzzing cases to indexes and results  Reduce: Reduces fuzzing results to interesting cases Metric based : Time, size, diff, expected errors, OS faults, crashes

WHAT’S NEXT? Peach in The Middle

Client Server Peach Controller Agent Data Model

Q & A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.