Deuxième Année    Informatique    Sécurité    4MMSR-mini research project 

VBScript engine fuzzer

This is a "mini" research project for the course 4MMSR-Network Security

Keywords

fuzzing,memory corruption, scripting languages, interpreters

Description

Expected output

• different ways of building fuzzed scripts and the intuition behind each method
• implementation of those methods
• empirical evaluation of the methods (via experiments). compare you methods to a random walk in the grammar production rules

Research Questions

• propose a methodology for producing a VBScript attack grammar
• which methods seem to:
  • have the highest fault detection capabilities?
  • be the most efficient?

References

• Evolving Indigestible Codes: Fuzzing Interpreters with Genetic Programming (2013) (DO NOT DISTRIBUTE.)
• Fuzzing with Code Fragments, Christian Holler, Kim Herzig, Andreas Zeller (2012)
• Find a Compiler Bug in 5 Minutes, Christian Lindig (2005)
• VBScript grammar
• Software Compiler Project, Ensimag

Tools

• jsfunfuzz (Jesse Ruderman)

Results

{{{results}}}

Get Started!

• create an archive on the ensimag server, so that only your team members and I have access to it.
• Créer_une_archive_partagée_avec_Git
• obviously, do not forget to send me the path afterwards

Contacts

Fabien Duchene