Awaiting Exploitation

By Morgan Hill

Talk - Tuesday, 14 September
14:30

As a Rust code auditor I have found great utility in fuzzing Rust code. Fuzzers have consistently turned up a treasure trove of interesting bugs, in peculiar places, which drives me with the desire to fuzz all the things. However, the complexity of async Rust has left a lot of code unexplored by fuzzing hands.

In this talk I will take you on a journey across naive approaches, through Tokio and back, eventually elaborating on an involved technique that works. Expect LibAFL, user mode QEMU, and a large degree of head scratching. All in aid of discovering the futures awaiting exploitation.

Speaker

Morgan Hill

Morgan is a freelance security consultant with a strong focus on Rust. He has helped a variety of commercial and community projects understand the subtlety of securing their applications. He picked Rust because it challenges him to find bugs in an ecosystem focused on correctness. Outside of work he seriously enjoys music and takes any opportunity to be outside.