Fuzzing File System Implementations to Uncover Security Bugs
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore advanced techniques for fuzzing file system implementations to uncover security vulnerabilities in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into the growing field of vulnerability research and fuzz-testing, focusing on file systems as an often overlooked component in both offensive and defensive security. Learn how to develop general guidelines for efficiently approaching this area of research by identifying potential attack surfaces. Gain insights into automating fuzzing processes for kernel file system implementations, with a particular emphasis on BSD-based systems. Discover the speaker's methodology for evaluating the robustness of established and newer file systems, including the use of mutation, metadata analysis, and user emulation. Examine specific case studies involving ZFS, and understand the importance of monitoring, verification, and core feature testing in the fuzzing process. Conclude with a discussion of key findings, their impact on boot times and network domains, and a live demonstration of the techniques presented.
Syllabus
Introduction
Outline
Why Fuzzing
Why BSD
File System Structure
Why Not Use LAX
First Test Case
Mutation
Metadata
Observations
User Emulation
User Emulation Commands
ZFS
Monitoring
Verification
Core Features
Results
Findings
Boot Times
Netdom
Lip OS
Conclusions
Demo
Taught by
Hack In The Box Security Conference
Related Courses
Metadata: Organizing and Discovering InformationThe University of North Carolina at Chapel Hill via Coursera Gérer les documents numériques : maîtriser les risques
CNAM via France Université Numerique Research Data Management and Sharing
The University of North Carolina at Chapel Hill via Coursera SharePoint Enterprise Content Management
Microsoft via edX Configuration Management on Google Cloud Platform
Google via Coursera