Death by Thumb Drive: File System Fuzzing With Cert BFF - Will Dormann

CERT BFF is a file mutation fuzzer. Recent changes to BFF enable the ability to extend the operations that are performed by the fuzzer. In this talk I will discuss how I used CERT BFF to fuzz filesystems, and also how I analyzed kernel-level crashes. As the result of a brief amount of fuzzing, I was able to create a single USB thumb drive that will crash Windows, macOS, Linux, and other operating systems. I will also discuss impacts beyond OS crashes, and attack vectors that do not require physical access to a machine. Will Dormann has been a software vulnerability analyst with the CERT Coordination Center (CERT/CC) since 2004. His focus areas include web browser technologies, ActiveX, mobile applications, and fuzzing. Will has discovered thousands of vulnerabilities using a variety of tools and techniques.