To test the viability of our framework, we fuzzed over one hundred packages from the Arch Linux package repository with essentially zero effort. After only a few days, we already found 11 crashes, six of which were exploitable.

By Bhargava Shastry + Dominik Maier + Vincent Ulitzsch

Full abstract and materials: https://www.blackhat.com/us-18/briefings/schedule/#follow-the-white-rabbit-simplifying-fuzz-testing-using-fuzzexmachina-11236

Posted by Charlie