Presentation is loading. Please wait.

Presentation is loading. Please wait.

MICHAEL EDDINGTON Advanced Fuzzing with Peach 2.

Published byClifford Summers Modified over 9 years ago

Similar presentations

Presentation on theme: "MICHAEL EDDINGTON Advanced Fuzzing with Peach 2."— Presentation transcript:

1 MICHAEL EDDINGTON MIKE@LEVIATHANSECURITY.COM Advanced Fuzzing with Peach 2

2 Agenda Introduction to Peach 2 Data mutations Peach State Machine Peach Farm Peach in The Middle

3 Introduction to Peach 2

4 Peach 1 Framework for writing fuzzers Instrumentation via wrapper APIs No data definition layer (DDL), just fuzzer Steep learning curve Complex fuzzers result in complex fuzzer code

5 Peach 2 Reduce creation time and simplify fuzzer generation Fuzzer platform, not framework Modeling based approach Fault detection Lower learning curve

6 Modeling Based Fuzzing Model types and data Model state machine Support models with data sets Mutate models with mutators

7 Model Data: Types INT Flags INT Len INT Len STRING DATA INT Len INT Len INT DATA

8 Model Data: Relationships INT Flags INT Len INT Len STRING DATA INT Len INT Len INT DATA

9 Model Data: State Model Packet A Packet B-1 Packet C-1 Packet C-2 Packet D Packet B-2 Packet B-2

10 Benefits of Modeling Easy reuse of definitions Complex mutations can be applied to a model Improvements to data generation or mutation independent of model Data read into definition as well as generated

11 Data Modeling Define structure of data Define relations in data Reuse definitions Block Sequence Choice String Number Flags/Flag Blob Relation Transformer

12 State Modeling

13 Stream Call TCP, UDP, Files Connect Accept Input Output Close COM, RPC, SOAP Call  Method  Parameters  Result State Modeling

14 State Modeling: Stream State Machine State 1 Connect Output Input Output Change State State 2 Input Output Input Output Change State State 3 Input Output Input Close 1 1 2 2 3 3 4 4 5 5

15 State Modeling: Stream State Machine State 1 Accept Output Input Output Change State State 2 Input Output Input Output Change State State 3 Input Output Input Close 1 1 5 5

16 State Modeling: Stream State Machine State 1 Connect Output Input Close Change State State 2 Connect Output Input Output Change State State 3 Input Output Input Close 1 1 2 2 3 3 4 4

17 State Modeling: Call State Machine State 1 Start Call Change State State 2 Call Stop 1 1 2 2 3 3

18 Data Mutations

19 Mutation: String ?k1=v+1& k2=v2 “?k1=v+1&k2=v2” 40,000+ variations

20 Mutation: Number 00 Interesting Edge Cases FFFFFFFFFFFFFFFF

21 Mutation: Size Relation #1 Length: Data: 200 Bytes 200

22 Mutation: Size Relation #2 Length: Data: 200 Bytes 200

23 Mutation: Size Relation #3 Data & Length: 00 FFFFFFFFFFFFFFFF

24 Mutation: State Packet A Packet B-1 Packet C-1 Packet C-2 Packet D Packet B-2 Packet B-2

25 Mutation: State Packet A Packet B-1 Packet D Packet B-2 Packet B-2

26 Mutation: State Packet A Packet B-1 Packet D Packet B-2 Packet B-2

27 Add Custom Mutators Sling some Python Add additional mutations Specific mutations Etc.

28 AND DATA COLLECTION Fault Detection

29 Agents & Monitors Peach Agent Debugger Monitor Peach Agent Debugger Monitor Peach Agent Debugger Monitor Peach Agent Network Capture Peach

30 2 Tier Configuration Agent 1 Debugger Target Network Capture Agent 2 Debugger Backend Network Capture Peach Engine Agent Manager Logging 1 1 2 2 3 3 4 4 5 5 6 6

31 Monitors Debuggers Process Monitor Memory Monitor Network Capture VM Control (snapshot, revert) Networked Power Strips (cycle power) Easy to implement custom monitors

32 Peach Development

33 Documented XML Schema

34 Peach Builder

35 Peach Shark

36 MASSIVELY PARALLEL FUZZING Peach Farm

37 Adam Cecchetti Massively Parallel Fuzzing  Scales from 1 to 10,000 nodes Choose your Virtual Platform/Hosting  EC2, Xen, VMWare, Etc Utilizes Map/Reduce Algorithm  Map: Maps the fuzzing cases to indexes and results  Reduce: Reduces fuzzing results to interesting cases Metric based : Time, size, diff, expected errors, OS faults, crashes

38 WHAT’S NEXT? Peach in The Middle

39 Client Server Peach Controller Agent Data Model

40 HTTP://PEACHFUZZ.SF.NET HTTP://PHED.ORG MIKE@LEVIATHANSECURITY.COM Q & A

Download ppt "MICHAEL EDDINGTON Advanced Fuzzing with Peach 2."

Similar presentations

Fuzzing for logic and state issues

Fuzzing for logic and state issues
Lecture 12: MapReduce: Simplified Data Processing on Large Clusters Xiaowei Yang (Duke University)

Lecture 12: MapReduce: Simplified Data Processing on Large Clusters Xiaowei Yang (Duke University)
INTRODUCTION TO SIMULATION WITH OMNET++ José Daniel García Sánchez ARCOS Group – University Carlos III of Madrid.

INTRODUCTION TO SIMULATION WITH OMNET++ José Daniel García Sánchez ARCOS Group – University Carlos III of Madrid.
Introduction to .NET Framework

Introduction to .NET Framework
Good afternoon. My name is Marek Pawłowski

Good afternoon. My name is Marek Pawłowski
Software Frame Simulator (SFS) Technion CS Computer Communications Lab (236340) in cooperation with ECI telecom Uri Ferri & Ynon Cohen January 2007.

Software Frame Simulator (SFS) Technion CS Computer Communications Lab (236340) in cooperation with ECI telecom Uri Ferri & Ynon Cohen January 2007.
Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Www.kovan.ceng.metu.edu.tr Parallelized Evolution System Onur Soysal, Erkin Bahçeci Erol Şahin Dept. of Computer Engineering Middle East Technical University.

Parallelized Evolution System Onur Soysal, Erkin Bahçeci Erol Şahin Dept. of Computer Engineering Middle East Technical University.
SIMULATING ERRORS IN WEB SERVICES International Journal of Simulation: Systems, Sciences and Technology 2004 Nik Looker, Malcolm Munro and Jie Xu.

SIMULATING ERRORS IN WEB SERVICES International Journal of Simulation: Systems, Sciences and Technology 2004 Nik Looker, Malcolm Munro and Jie Xu.
Network Management: SNMP

Network Management: SNMP
1 MASTERING (VIRTUAL) NETWORKS A Case Study of Virtualizing Internet Lab Avin Chen Borokhovich Michael Goldfeld Arik.

1 MASTERING (VIRTUAL) NETWORKS A Case Study of Virtualizing Internet Lab Avin Chen Borokhovich Michael Goldfeld Arik.
QWise software engineering – refactored! www.qwise.se Testing, testing A first-look at the new testing capabilities in Visual Studio 2010 Mathias Olausson.

QWise software engineering – refactored! Testing, testing A first-look at the new testing capabilities in Visual Studio 2010 Mathias Olausson.
Antigone Engine Kevin Kassing – Period 5 2006-07.

Antigone Engine Kevin Kassing – Period
Database System Concepts and Architecture Lecture # 3 22 June 2012 National University of Computer and Emerging Sciences.

Database System Concepts and Architecture Lecture # 3 22 June 2012 National University of Computer and Emerging Sciences.
Committed to Deliver….  We are Leaders in Hadoop Ecosystem.  We support, maintain, monitor and provide services over Hadoop whether you run apache Hadoop,

Committed to Deliver….  We are Leaders in Hadoop Ecosystem.  We support, maintain, monitor and provide services over Hadoop whether you run apache Hadoop,
Presentation By Anil Kumar Marikukala, Syed Khaja Najmuddin Ahmed.

Presentation By Anil Kumar Marikukala, Syed Khaja Najmuddin Ahmed.
Zhonghua Qu and Ovidiu Daescu December 24, 2009 University of Texas at Dallas.

Zhonghua Qu and Ovidiu Daescu December 24, 2009 University of Texas at Dallas.
COMP 410 & Sky.NET May 2 nd, 2006. What is COMP 410? Forming an independent company The customer The planning Learning teamwork.

COMP 410 & Sky.NET May 2 nd, What is COMP 410? Forming an independent company The customer The planning Learning teamwork.
MapReduce: Simplified Data Processing on Large Clusters Jeffrey Dean and Sanjay Ghemawat.

MapReduce: Simplified Data Processing on Large Clusters Jeffrey Dean and Sanjay Ghemawat.
Node Mentoring Workshop “Sharing What We Node” Middleware Breakout Session.NET New Orleans, Louisiana February 9-10, 2004.

Node Mentoring Workshop “Sharing What We Node” Middleware Breakout Session.NET New Orleans, Louisiana February 9-10, 2004.

Similar presentations

Ads by Google