Demystifying Fuzzer Behaviour
Addison
39th Chaos Communication Congress (39C3): Power Cycles · Day 1 · Saal Ground
In this insightful talk, "Demystifying Fuzzer Behaviour," Addison, a PhD student and former teacher, challenges the prevailing, often uncritical, perception of fuzzing as a "magic box" solution for bug discovery. The presentation aims to shed light on the fundamental limitations and misunderstood aspects of fuzzers, advocating for a return to scientific rigor and deeper understanding within the security research community. Addison argues that while fuzzing is a powerful technique, its efficacy is often hampered by critical weaknesses in our understanding of how fuzzers interact with target programs, particularly concerning state, input interpretation, and search strategies.