23 May 2016 marked the first day of the annual security conference organized by Hack In the Box. As usual, the event took place in Amsterdam, Netherlands. This year I had the privilege to attend. HITB is one of the top-notch technical conferences, where elite security researchers from around the world gather to share their research. Not to mention that it is also a great place to hang out with these people to exchange ideas offstage. There were so many great talks in this conference. I am pleased to share a couple of talks here that I feel were particularly interesting.
One of my favorite, and most anticipated, talks was Go Speed Tracer: Guided Fuzzing, presented by Richard Johnson. Richard is an expert in fuzzing technology, with a particular emphasis on optimizing the performance of traditional fuzzers so that they scale. Of course, traditional fuzzing methodologies such as dumb fuzzing, which uses simple sample-based mutation, still work in most cases. However, they are often limited to discovering minor security issues and eventually hit a bottleneck, a problem many security researchers run into when writing their own fuzzer. Feedback-driven fuzzing is an evolutionary fuzzing methodology, made possible by the introduction of American Fuzzy Lop (AFL), that increases the code coverage a fuzzer achieves, thereby raising the chances that the user discovers more security issues, or even uncovers severe security vulnerabilities. After thoroughly studying various open source fuzzers such as AFL, Richard shed some light in his presentation on how to build your own high-performance guided fuzzer using existing binary instrumentation frameworks like Pin, DynamoRIO, and DynInst. He also gave a couple of demos comparing the performance overhead of Pin and DynamoRIO, which showed that DynamoRIO seems to outperform Pin in terms of binary code instrumentation. Unfortunately, he wasn't able to demo AFL with full support for Windows binaries, or hardware tracing using Intel Processor Trace via a Windows driver, as the prototype had not been completed yet. Nevertheless, it was an inspirational talk for researchers who are interested in developing their own fuzzer.
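To make the difference between dumb and feedback-driven fuzzing concrete, here is a small added example (my own illustration, not code from Richard's talk or from AFL). It models the AFL feedback loop in Python: instead of binary instrumentation, it collects edge coverage of a toy parser (`parse_header`, a constructed target with four nested checks) with `sys.settrace`, and only inputs that reach a new edge are promoted into the corpus. The dumb baseline applies exactly the same single-byte mutations but always to the original seed, so it can never satisfy two checks at once; the guided loop chains the intermediate inputs together and reaches the deepest branch. All names here are assumptions for the example.

```python
import sys

# Constructed target: a toy "file format" parser with nested magic-byte checks.
# Each check that passes executes a new line, i.e. a new control-flow edge.
def parse_header(data: bytes) -> int:
    depth = 0
    if data[:4] == b"FUZZ":
        depth = 1
        if len(data) > 4 and data[4] == 0x41:
            depth = 2
            if len(data) > 5 and data[5] == 0x42:
                depth = 3
                if len(data) > 6 and data[6] == 0x43:
                    depth = 4
    return depth


def run_with_coverage(func, data):
    """Run func(data) and return (result, set of (prev_line, line) edges).

    This stands in for the instrumentation AFL gets from its compiler pass or
    from a DBI framework such as Pin or DynamoRIO: a line tracer on the target
    function records which line-to-line transitions were executed.
    """
    edges = set()
    prev = [None]
    code = func.__code__

    def local_tracer(frame, event, arg):
        if event == "line":
            edges.add((prev[0], frame.f_lineno))
            prev[0] = frame.f_lineno
        return local_tracer

    def global_tracer(frame, event, arg):
        # Only trace frames belonging to the target function itself.
        if event == "call" and frame.f_code is code:
            prev[0] = None
            return local_tracer
        return None

    sys.settrace(global_tracer)
    try:
        result = func(data)
    finally:
        sys.settrace(None)
    return result, frozenset(edges)


def byte_sweep(data: bytes):
    """Deterministic mutation stage: every single-byte replacement of data."""
    for pos in range(len(data)):
        for value in range(256):
            if value != data[pos]:
                yield data[:pos] + bytes([value]) + data[pos + 1:]


def dumb_fuzz(func, seed: bytes) -> int:
    """No feedback: every mutant is derived from the seed, nothing is kept."""
    best = func(seed)
    for child in byte_sweep(seed):
        best = max(best, func(child))
    return best


def guided_fuzz(func, seed: bytes, max_runs: int = 50_000) -> dict:
    """AFL-style loop: mutants that exercise a new edge join the corpus and
    are themselves mutated later, so progress through nested checks compounds."""
    corpus = [seed]
    result, seen = run_with_coverage(func, seed)
    seen = set(seen)
    best, runs, index = result, 1, 0
    while index < len(corpus) and runs < max_runs:
        parent = corpus[index]
        index += 1
        for child in byte_sweep(parent):
            if runs >= max_runs:
                break
            result, edges = run_with_coverage(func, child)
            runs += 1
            best = max(best, result)
            if edges - seen:          # new coverage: keep this input
                seen |= edges
                corpus.append(child)
    return {"runs": runs, "corpus": corpus, "edges": len(seen), "max_depth": best}


if __name__ == "__main__":
    seed = b"FUZZ\x00\x00\x00"       # constructed seed: passes only the first check
    print("dumb max depth:", dumb_fuzz(parse_header, seed))
    stats = guided_fuzz(parse_header, seed)
    print("guided max depth:", stats["max_depth"], "after", stats["runs"], "runs")
    print("corpus:", stats["corpus"])
```

Run it and the dumb loop tops out at depth 2 (it can change one byte of the seed, so it passes at most one more check), while the guided loop walks all the way to depth 4 in under ten thousand executions because each newly discovered input becomes the parent for the next stage. Real fuzzers add randomized havoc stages, an edge-hit-count bitmap and far cheaper instrumentation, but the feedback loop is the same.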