Articles with tag: Fuzzing
POSTED BY: CENSUS / 04.12.2015

ZeroNights 2015

CENSUS researchers Nikolaos Naziridis and Zisis Sialveras presented their evolutionary fuzzing framework "Choronzon" at this year's ZeroNights conference in Moscow, Russia.


POSTED BY: Anestis Bechtsoudis / 24.09.2015

The road to efficient Android fuzzing

In the aftermath of the recent Android stagefright vulnerabilities, efficient fuzz testing techniques and tools for the Android ecosystem are again in the spotlight. In this post we would like to share some of the fuzz testing experience we have gained through our projects and show how it can be applied in the Android world. Additionally, we’ll list some of the public contributions we’ve made to open source tools, aiming to help the community focus more on the target and less on the tooling.


POSTED BY: Anestis Bechtsoudis / 18.06.2015

Fuzzing Objects d’ART — Hack In The Box 2015 Amsterdam

Hello, my name is Anestis Bechtsoudis and I’m a security engineer at CENSUS. I recently gave a talk on Android ART runtime fuzzing techniques at the Hack-in-the-Box 2015 Amsterdam security conference. The talk, entitled “Fuzzing Objects d’ART — Digging Into the New Android L Runtime Internals”, analyzed a series of DEX smart fuzzing techniques targeting the bytecode optimization and compilation components of the new Android ART runtime.


POSTED BY: CENSUS / 18.06.2015

Hack in the Box 2015 Amsterdam

CENSUS security engineer Anestis Bechtsoudis delivered the "Fuzzing Objects d’ART" presentation at the Hack In The Box 2015 conference, in Amsterdam, Netherlands. The presentation provided an overview of the new Android Runtime (ART, introduced in the Android Lollipop release) and described the fuzzing mechanism that was required to identify bugs in the ART optimization process. Such bugs could be used by attackers to remotely execute code on any Android device running the Lollipop release.