(Applications of) Fuzzing, Automated Exploit Generation, and Code (De-)Obfuscation

Research Overview

My research usually focuses on the automation of finding bugs (fuzzing yay!), understanding them, and either fixing or exploiting them. Beyond that, I do work on code (de-)obfuscation.

If any of this rings a bell & you’d like to write your thesis on them, feel free to email me (even if no matching topic is listed below, we might be able to find one that works for us both). 

Be advised: most topics require some familiarity with the subject or relevant background knowledge, or are better suited for Master's theses.

Are you interested in diving deep into applied Security Competitions? Check out our university’s CTF team: FluxFingers

Moritz Schloegel

Master's Thesis: Query Fuzzing -- Combining Static Analysis with Fuzzing

In this thesis, you will work towards fusing two fundamentally different approaches to finding vulnerabilities: static and dynamic analysis. Tools like Joern allow a user to describe potential vulnerabilities by querying programs for certain patterns, for example to identify use-after-frees. Joern returns all locations matching such a pattern, but it cannot judge whether a particular location is reachable at all or is a non-exploitable false positive.
Fuzzing, on the other hand, excels at proving that a bug exists, by producing an input that crashes the program. However, fuzzing is usually agnostic towards *where* to look for a bug and relies on general metrics such as code coverage to guide its exploration. Now, if we treat query results as marking *potentially* vulnerable code locations, we can steer the fuzzer towards exploring exactly these locations (so-called "directed fuzzing"). If the fuzzer finds an input that reaches such a location and triggers the bug, it demonstrates the validity of the query's report.

In this thesis, you will develop a directed fuzzer with the goal of reaching the locations pointed to by the queries.
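As an added illustration (not part of the original topic description, and not a tool of the chair), the following toy Python sketch shows the seed-scheduling core of such a directed fuzzer: the query-flagged block is the target, every block of a constructed control-flow graph gets its shortest distance to that target, and queued seeds are ranked by the mean distance of the blocks they covered, in the style of AFLGo's distance metric. All block names, traces and the graph itself are constructed for the example.

```python
from collections import deque

# Constructed toy CFG (block -> successors); "use" stands in for a location that a
# Joern-style query flagged, e.g. a potential use-after-free.
CFG = {
    "entry": ["parse", "reject"], "parse": ["alloc", "reject"],
    "alloc": ["check", "free"],   "check": ["free", "exit"],
    "free": ["use", "exit"],      "use": ["exit"],   # "use" is the query target
    "reject": ["exit"],           "exit": [],
}
TARGETS = {"use"}
# Constructed execution traces (blocks covered) of four seeds in the fuzzer's queue.
SEEDS = {
    "reject_early":      ["entry", "reject", "exit"],
    "checks_then_exits": ["entry", "parse", "alloc", "check", "exit"],
    "frees_then_exits":  ["entry", "parse", "alloc", "free", "exit"],
    "hits_target":       ["entry", "parse", "alloc", "free", "use", "exit"],
}

def target_distances(cfg, targets):
    """BFS over the reversed CFG: fewest edges from each block to any target.
    Blocks that cannot reach a target are absent from the result."""
    preds = {b: [] for b in cfg}
    for b, succs in cfg.items():
        for s in succs:
            preds[s].append(b)
    dist = {t: 0 for t in targets}
    queue = deque(targets)
    while queue:
        cur = queue.popleft()
        for p in preds[cur]:
            if p not in dist:
                dist[p] = dist[cur] + 1
                queue.append(p)
    return dist

def seed_distance(trace, dist):
    """AFLGo-style seed distance: mean target distance over the covered blocks
    that can still reach a target; None if the trace covers no such block."""
    ds = [dist[b] for b in trace if b in dist]
    return sum(ds) / len(ds) if ds else None

def prioritize(seeds, dist):
    """Next-round queue order: seeds closest to a target first, unreachable last."""
    scored = [(seed_distance(t, dist), n) for n, t in seeds.items()]
    close = sorted((d, n) for d, n in scored if d is not None)
    return [n for _, n in close] + [n for d, n in scored if d is None]

def confirmed(seeds, targets):
    """Seeds that actually reached a flagged location: dynamic proof it is reachable."""
    return [n for n, t in seeds.items() if targets & set(t)]
```

A real implementation computes the distances over the binary's actual CFG and call graph and feeds them into the fuzzer's power schedule; reaching the target is only reachability proof, the crash still has to be observed.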

Related Work / Relevant Links

Requirements

  • Ability to program in C/C++/Rust
  • Familiarity with binary code / reverse engineering
  • Previous experience with or interest in working with fuzzing
  • Previous experience with or interest in static analysis and diverse vulnerabilities

Bachelor's Thesis: On the Impact of Code Obfuscation on Fuzzing

Code obfuscation covers essentially any technique that preserves a program's functionality but makes it harder to analyze and reverse engineer. Usually, these techniques lead to somewhat "bloated" code, as complexity is achieved by adding instructions. This becomes even more apparent when investigating the performance overhead of obfuscation, which usually causes a slowdown by a factor in the hundreds, if not thousands. When fuzzing applications, however, we want fast execution times so that the fuzzer can efficiently test thousands of inputs per second.

In this thesis, you will analyze the impact of different obfuscation techniques on fuzzing efficiency.

Related Work / Relevant Links

Requirements

  • Familiarity with binary code / reverse engineering
  • Previous experience with or interest in working with fuzzing
  • Previous experience with or interest in code (de-)obfuscation
  • Interest in performance benchmarking