YoVDO

Exposing Hidden Exploitable Behaviors in Programming Languages Using Differential Fuzzing

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Programming Languages Courses Cybersecurity Courses Python Courses Javascript Courses Perl Courses Software Vulnerabilities Courses

Course Description

Overview

Explore a conference talk that uncovers critical vulnerabilities in programming languages through differential fuzzing techniques. Learn about undocumented functions enabling OS command execution, exposure of sensitive file contents in error messages, unexpected interpretation of native code, and potential misuse of constant names as strings for OS commands. Discover practical examples and findings across Python, Perl, JavaScript, JRuby, and PHP implementations. Gain insights into the extended differential fuzzing framework and its application to various programming languages, revealing hidden exploitable behaviors that could compromise system security.

Syllabus

Intro
Traditional Fuzzing
Types of Bugs: Crashes (cont).
Different Implementations
Different Inputs
Different Versions
Different OS (cont).
Extended Differential Fuzzing Framework
Extended Differential Fuzzing: Python 1/3
Extended Differential Fuzzing: Perl
Extended Differential Fuzzing: JavaScript
Extended Differential Fuzzing: JRuby
Extended Differential Fuzzing: PHP 1/4
Extended Differential Fuzzing: PHP 4/4
Black Hat Sound Bytes


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube