Hi
user
Admin Login:
Username:
Password:
Name:
Fuzz all the things!
--client
lca
--show
lca2016
--room r3mix 10707 --force
Next: 12 Free as in cheap gadgets: the ESP8266
show more...
Marks
Author(s):
Erik de Castro Lopo
Location
Wool Museum
Date
feb Fri 05
Days Raw Files
Start
11:35
First Raw Start
11:25
Duration
0:45:00
Offset
0:09:23
End
12:20
Last Raw End
12:20
Chapters
00:00
0:00:02
Total cuts_time
45 min.
https://linux.conf.au/schedule/30243/view_talk
raw-playlist
raw-mp4-playlist
encoded-files-playlist
host
archive
tweet
mp4
svg
png
assets
release.pdf
Fuzz_all_the_things.json
logs
Admin:
episode
episode list
cut list
raw files day
marks day
marks day
image_files
State:
---------
borked
edit
encode
push to queue
post
richard
review 1
email
review 2
make public
tweet
to-miror
conf
done
Locked:
clear this to unlock
Locked by:
user/process that locked.
Start:
initially scheduled time from master, adjusted to match reality
Duration:
length in hh:mm:ss
Name:
Video Title (shows in video search results)
Emails:
email(s) of the presenter(s)
Released:
has someone authorised pubication
Unknown
Yes
No
Normalise:
Channelcopy:
m=mono, 01=copy left to right, 10=right to left, 00=ignore.
Thumbnail:
filename.png
Description:
markdown
This presentation was inspired by two un-related incidents. Firstly, in late 2014, the presenter received two separate bug reports of stack or heap overflows in well known and widely deployed pieces of Open Source software for which he was the maintainer. In both cases these bugs were found using the latest fuzzing tools, one of them being American Fuzzy Lop (AFL). Using AFL the presenter then found and fixed numerous other bugs in these two projects. Then, in early 2015, as part of the Snowden relevations, the SSH protocol and/or common implementations like OpenSSH were briefly suspected of containing a flaw that was known only to the NSA. Fortunately this suspicion quickly fell out of favour but how can we know for sure that the NSA doesn't have an exploit for OpenSSH? This open question led the presenter to try to figure out how to fuzz encrypted network protolcols like SSH. For OpenSSH, it turns out to be rather difficult but that is mainly a design flaw in OpenSSH itself. Software written to communicate over an encypted tunnel could easily be designed to make fuzzing relatively easy. The result is software that is more secure and robust. This presentation will cover: * What is fuzzing? * What makes American Fuzzy Lop and the LLVM Fuzzer so much better than previous fuzzers? * How do the GGC and Clang compiler's sanitizer options assist in the fuzzing process? * Using American Fuzzy Lop as a file input fuzzer. * Fuzzing network protocols (even encypted ones like SSH) with the LLVM Fuzzer. * Integrating fuzzing into your standard development process.
Comment:
production notes
2016-02-05/11_25_37.dv
Apply:
11:35:16 - 11:35:19 ( 00:00:02 )
S:
11:25:37 -
E:
11:35:19
D:
00:09:42
(
Start:
579.556168)
show more...
vlc ~/Videos/veyepar/lca/lca2016/dv/r3mix/2016-02-05/11_25_37.dv :start-time=0579.556168 --audio-desync=0
Raw File
Cut List
11:25:37
seconds: 579.556168
Wall: 11:35:16
Duration
00:09:42
11:35:19
seconds: 0.0
Wall: 11:25:37
Comments:
mp4
mp4.m3u
dv.m3u
Split:
Sequence:
:
delete
2016-02-05/11_35_20.dv
Apply:
11:35:20 - 12:20:22 ( 00:45:02 )
S:
11:35:20 -
E:
12:20:22
D:
00:45:02
show more...
vlc ~/Videos/veyepar/lca/lca2016/dv/r3mix/2016-02-05/11_35_20.dv :start-time=00.0 --audio-desync=0
Raw File
Cut List
11:35:20
seconds: 0.0
Wall: 11:35:20
Duration
00:45:02
12:20:22
seconds: 0.0
Wall: 11:35:20
Comments:
mp4
mp4.m3u
dv.m3u
Split:
Sequence:
:
delete
Rf filename:
root is .../show/dv/location/, example: 2013-03-13/13:13:30.dv
Sequence:
get this:
check and save to add this
2016-02-05/11_25_37.dv
2016-02-05/11_35_20.dv
Veyepar
Video Eyeball Processor and Review