
ClusterFuzz - Fuzzing at Google Scale

Offered By: Black Hat via YouTube


Course Description

Overview

Explore the world's largest publicly known fuzzing infrastructure in this Black Hat conference talk. Discover how Google overcame challenges to operate a system running over 25,000 cores and 2,500 targets, uncovering more than 8,000 security vulnerabilities across Google products and 200 open source projects. Learn about ClusterFuzz's history, debunk fuzzing myths, and understand the ideal fuzzing workflow. Dive into blackbox fuzzing techniques, AFL fuzzer examples, and strategies for educating developers. Examine the build pipeline, optimization methods, and the intricacies of fuzzing bots and targets. Gain insights into corpus management, search strategies, deduplication processes, and continuous version analysis. Explore crash reporting, prioritization, and verification techniques. Investigate applications in Chrome and OSS security, and ponder future developments in fuzzing technology. Engage with key takeaways and participate in a Q&A session covering concurrency issues, bugs, corpus sharing, and the biggest challenges faced in creating a simple yet powerful fuzzing infrastructure.

Syllabus

Introduction
History
Fuzzing Myths
How to Scale
Ideal Fuzzing Workflow
ClusterFuzz Overview
What to Fuzz
Blackbox Fuzzing
Chrome Blackbox Fuzzing
AFL
Fuzzer
Example
Educating Developers
Build Pipeline
Optimization
Fuzzy Machines
Fuzzing BOTS
Fuzzing Targets
Corpus
Search
Strategy Selection
Deduplication
Deduplication example
Grouping
Minimize
Continuous Version
Variant Analysis
Unique Crashes
Examples
Test Case Report
Prioritization
Verification
External Reports
Reporters
Execution Speed
Crash Statistics
Code Coverage
More Applications
Chrome
OSS Security
What's next
Key takeaways
Questions
Concurrency issues
Bugs
Corpus Sharing
Other Questions
Mutator
Hybrid Fighting
Future Plans
Corrupted Stack
Address Sanitizer
The biggest challenge
How we made it simple


Taught by

Black Hat
