Knowing the Unfuzzed and Finding Bugs with Coverage Analysis
Mark Griffin, ForAllSecure Security Researcher
About this talk
The rise in fuzzing has resulted in bugs getting found and fixed at an amazing rate. But it has raised some new questions: how do we find good fuzz targets quickly, and what is left to fuzz? These questions require tools and workflow that remain uncommon among software developers and security researchers alike, and one potential solution is in automated coverage analysis.
This motivation drove the development of bncov, an open-source coverage analysis plugin for Binary Ninja that enables scripting and the construction of tools to help you get the most bang for your fuzz-buck.
Mark Griffin is a researcher who has always been interested in working on difficult problems and always finding new ways to get the job done better. He’s been working in computer security for over 10 years, and in that time has realized he enjoys work more when he doesn’t have to use chopsticks to dig a ditch.