Tweet
Presenter: Luciano Remes
Co-Presenter: Wade Cappa
Location: W308
Day,Time: Fri Aug 9 , 2PM - 3:45PM
Audience: Offense, AppSec, Security Research
Project: https://github.com/Cybergenik/hopper
Abstract:
Hopper is a Coverage-Guided Greybox Distributed Fuzzer, inspired by AFL++, and written in Golang. Like other fuzzers, Hopper operates as a standard command-line interface tool, allowing you to run fuzz campaigns to find vulnerabilities and exploits in software. Hopper's mutation algorithm, energy assigning strategy, and out-of-process coverage gathering, are all inspired by AFL++, the current state of the art fuzzer. However, Hopper's distributed strategy differs substantially than AFL++ in an attempt to define a new distributed fuzzing paradigm. AFL++ and LibFuzzer have clear scaling limitations in larger environments, notably the AFL++’s rudimentary multi-machine mode. As an early prototype, Hopper addresses these limitations by implementing a deduplicating communication schema that establishes a consistency invariant, minimizing repeated work done by fuzzing nodes. Hopper is a standalone, new piece of software developed from scratch in the spirit of exploration, this is not yet another python plugin/extension for AFL++. Hopper is currently available on GitHub, including containerized runnable campaign demos. Tooling and observability are first class features, in the form of a TUI to monitor fuzzing campaigns, usage docs, and quick-start scripts for orchestrating fuzz campaigns.
Bios:
* Presenter:
Luciano Remes received a B.S. in Computer Science from the University of Utah,
where he did 2 years of grant-funded Systems research under the FLUX Research
Group, finally working on his Thesis Hopper: Distributed Fuzzer. During this
time, he also interned at AWS EC2 and Goldman Sachs SPARC infrastructure teams,
as well as a few startups including Blerp and Basecamp. Currently, he's a
Software Engineer at Palantir Technologies building distributed network
infrastructure.
* Co-Presenter:
Wade Cappa recently graduated from Washington State University with a B.S in
Computer Science and is now working at Palantir Technologies as a Software
Engineer on distributed data systems. He previously worked at Microsoft in the
Semantic Machines department, creating a dynamically linked debugging utility
for an internal use tooling language. In his freetime he is working with a
high-performance-computing research group on a cutting edge distributed
strategy for approximating submodular monotonic optimizations.
Co-Presenter: Wade Cappa
Location: W308
Day,Time: Fri Aug 9 , 2PM - 3:45PM
Audience: Offense, AppSec, Security Research
Project: https://github.com/Cybergenik/hopper
Abstract:
Hopper is a Coverage-Guided Greybox Distributed Fuzzer, inspired by AFL++, and written in Golang. Like other fuzzers, Hopper operates as a standard command-line interface tool, allowing you to run fuzz campaigns to find vulnerabilities and exploits in software. Hopper's mutation algorithm, energy assigning strategy, and out-of-process coverage gathering, are all inspired by AFL++, the current state of the art fuzzer. However, Hopper's distributed strategy differs substantially than AFL++ in an attempt to define a new distributed fuzzing paradigm. AFL++ and LibFuzzer have clear scaling limitations in larger environments, notably the AFL++’s rudimentary multi-machine mode. As an early prototype, Hopper addresses these limitations by implementing a deduplicating communication schema that establishes a consistency invariant, minimizing repeated work done by fuzzing nodes. Hopper is a standalone, new piece of software developed from scratch in the spirit of exploration, this is not yet another python plugin/extension for AFL++. Hopper is currently available on GitHub, including containerized runnable campaign demos. Tooling and observability are first class features, in the form of a TUI to monitor fuzzing campaigns, usage docs, and quick-start scripts for orchestrating fuzz campaigns.
Bios:
* Presenter:
Luciano Remes received a B.S. in Computer Science from the University of Utah,
where he did 2 years of grant-funded Systems research under the FLUX Research
Group, finally working on his Thesis Hopper: Distributed Fuzzer. During this
time, he also interned at AWS EC2 and Goldman Sachs SPARC infrastructure teams,
as well as a few startups including Blerp and Basecamp. Currently, he's a
Software Engineer at Palantir Technologies building distributed network
infrastructure.
* Co-Presenter:
Wade Cappa recently graduated from Washington State University with a B.S in
Computer Science and is now working at Palantir Technologies as a Software
Engineer on distributed data systems. He previously worked at Microsoft in the
Semantic Machines department, creating a dynamically linked debugging utility
for an internal use tooling language. In his freetime he is working with a
high-performance-computing research group on a cutting edge distributed
strategy for approximating submodular monotonic optimizations.