GRIMOIRE - Synthesizing Structure while Fuzzing

Explore a cutting-edge fuzzing technique presented at USENIX Security '19 in this 21-minute conference talk. Dive into GRIMOIRE, a fully automated coverage-guided fuzzer designed to efficiently test programs with highly structured inputs without human interaction or pre-configuration. Learn how this innovative approach synthesizes new structured inputs using grammar-like combinations, outperforming traditional fuzzers and improving upon existing grammar-based methods. Discover the impressive results achieved by GRIMOIRE, including the identification of 19 distinct memory corruption bugs in real-world programs and the acquisition of 11 new CVEs. Gain insights into the challenges of fuzzing programs with dedicated parsing stages and how GRIMOIRE addresses these issues through large-scale mutations in the input space.

USENIX Security '19 - GRIMOIRE: Synthesizing Structure while Fuzzing