CENSUS researchers Nikolaos Naziridis and Zisis Sialveras have recently
on knowledge-based evolutionary fuzzing, at
2015 in Moscow, Russia. The talk introduced a cross-platform evolutionary
fuzzing framework that will be released as a free and open-source tool.
The tool that was created as a result of this research is a file format fuzzer
that uses evolutionary algorithms to produce new test files. The target file
format is described by the user via a simple Python API, which can focus the
fuzzer on a specific subset of features of the target application.
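As an added illustration of the idea (not Choronzon's code or API), here is a minimal knowledge-based evolutionary fuzzer in Python: the file is held as typed fields of a constructed toy format, mutation and crossover act on those fields, and the branch set of a toy parser stands in for coverage feedback. All names and the format are hypothetical.

```python
import random
import struct
# Constructed toy target: a "TOYF" header, a record count and big-endian u16 records.
# parse() returns the set of branches it took, standing in for real coverage feedback.
def parse(data):
    paths = {"entry"}
    if len(data) < 5 or data[:4] != b"TOYF":
        return paths | {"bad_header"}
    n = data[4]
    if len(data) < 5 + 2 * n:
        return paths | {"header_ok", "truncated"}
    paths.add("header_ok")
    for i in range(n):
        v = struct.unpack_from(">H", data, 5 + 2 * i)[0]
        paths.add("big_value" if v > 0x8000 else "small_value")
    return paths | ({"many_records"} if n > 8 else set())
# The chromosome is the file as typed fields (a hypothetical model, not Choronzon's
# API), so every mutation respects field boundaries instead of flipping random bytes.
def serialize(c):
    return c["magic"] + bytes([c["count"]]) + b"".join(struct.pack(">H", v) for v in c["values"])

def mutate(c, rng):
    c = {"magic": c["magic"], "count": c["count"], "values": list(c["values"])}
    op = rng.choice(["magic", "count", "value", "append"])
    if op == "magic":                      # corrupt one header byte
        i = rng.randrange(4)
        c["magic"] = c["magic"][:i] + bytes([rng.randrange(256)]) + c["magic"][i + 1:]
    elif op == "count":                    # let the count disagree with the records present
        c["count"] = rng.randrange(16)
    elif op == "value" and c["values"]:    # replace one record with a random value
        c["values"][rng.randrange(len(c["values"]))] = rng.randrange(0x10000)
    else:                                  # add a record and keep the count consistent
        c["values"].append(rng.randrange(0x10000))
        c["count"] = min(255, len(c["values"]))
    return c

def crossover(a, b, rng):                  # splice the record lists of two parents
    cut = rng.randrange(len(a["values"]) + 1)
    vals = a["values"][:cut] + b["values"][cut:]
    return {"magic": a["magic"], "count": min(255, len(vals)), "values": vals}

def evolve(generations=300, seed=1):
    rng = random.Random(seed)
    corpus = [{"magic": b"TOYF", "count": 1, "values": [1]}]
    seen = parse(serialize(corpus[0]))
    for _ in range(generations):
        child = mutate(crossover(rng.choice(corpus), rng.choice(corpus), rng), rng)
        cov = parse(serialize(child))
        if cov - seen:                     # keep only children that reach a new branch
            seen |= cov
            corpus.append(child)
    return seen, corpus
```

Novelty-only selection plateaus here: many_records needs nine consistent records, but a child is kept only when it reaches a new branch, so no lineage accumulates that many. Holding typed fields is what lets a mutation such as the count/record mismatch be expressed directly rather than hoped for from byte flips.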
In the talk, we discussed the reasons we had to develop the fuzzer, along with
the thought process that led us to the current list of supported features in
Choronzon. We presented the tool’s architecture, its design and engineering
approach as well as the problems we have faced and the solutions we came up
with. Finally, we compared the different fuzzing strategies implemented in other
feedback-driven fuzzers, namely honggfuzz and AFL, against the techniques we used
You may find the slide deck
The conference was a fun experience with a lot of interesting content this year.
Many thanks to the organizing committee, as well as the team of volunteers for
all their efforts to ease our stay in Moscow and facilitate our talk.