Workshop: fuzzing - automated discovery of memory corruption vulnerabilities

Logo
Presented by

Pavel Cheremushkin, vulnerability researcher, Kaspersky’s ICS CERT

About this talk

Identifying security weaknesses in the system is important – knowing what is wrong helps us fix those flaws and avoid security breaches in the future. One of the methods to assess the system is fuzzing, which helps to do just that, as well as identify memory use issues. Understanding fuzzing is essential for any security specialist as it an effective method to discover security bugs in software. In the past few years, thousands of vulnerabilities have been detected using this method as it often reveals things that can be missed by static program analysis or manual code inspection. Pavel Cheremushkin, a vulnerability researcher in Kaspersky's Industrial Control Systems Cyber Emergency Response Team will share his fuzzing know-how, explores the modern state of this technique and how to optimize the process of fuzzing. In this workshop you will: • Understand modern techniques on how to automate the discovery of memory corruption vulnerabilities • Learn how to use popular fuzzing tools and optimize the process • Understand how to discover a zero-day vulnerability in modern software by applying processes discussed in this session Who is this workshop for? • Vulnerability researchers, who will learn to find vulnerabilities faster and more effectively using new instruments. This will lead to the release of better software and a decrease of cyberrisks. • Developers, who will be able to create safer apps, for their employers to decrease reputation risks. • Independent security researchers who will increase their chances of finding zero-days in bug-bounty programs.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (252)
Subscribers (57557)
On this channel, Kaspersky experts share their knowledge and key insights into high-fidelity threat hunting and intelligence, incident management, malware analysis, reverse engineering, security solutions, and several other vital aspects of the cyberworld. To keep you up to date, the experts also provide detailed webinars and workshops on how Kaspersky security solutions and services can halt and prevent a vast range of malicious attacks conducted by cybercriminals. Kaspersky is a global cybersecurity and digital privacy company that has been providing protection for 25 years, with over 400 million users from more than 200 countries. Kaspersky experts' mission is to help you find the perfect weapon to protect against any cyberthreat, carried out by even the most sophisticated cybercriminals. Kaspersky researchers are top-notch cybersecurity and protection technology experts, who regularly take part in leading information security events worldwide as best-in-class speakers. Kaspersky’s deep threat intelligence and security expertise is constantly being transformed into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the globe. Subscribe and learn more about the latest cybersecurity discoveries on the threat landscape and how to defend against them. Contact us at https://www.kaspersky.com/about/contact