Introducing Choronzon: an approach to knowledge-based evolutionary fuzzing
CENSUS researchers Nikolaos Naziridis and Zisis Sialveras recently presented their research on knowledge-based evolutionary fuzzing at ZeroNights 2015 in Moscow, Russia. The talk introduced a cross-platform evolutionary fuzzing framework that will be released as a free and open-source tool.
The tool that came out of this research is a file format fuzzer that uses evolutionary algorithms to produce new test files. The user describes the target file format through a simple Python API; the same description can focus the fuzzer on a specific subset of the target application's features. In the talk we discussed the reasons that led us to develop the fuzzer, along with the thought process that produced Choronzon's current list of supported features. We presented the tool's architecture, its design and engineering approach, as well as the problems we faced and the solutions we came up with. Finally, we compared the fuzzing strategies implemented in other feedback-driven fuzzers, namely honggfuzz and AFL, against the techniques used in Choronzon.
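To make the idea of knowledge-based evolutionary fuzzing concrete, here is a small self-contained Python example added for this post. It is not Choronzon's code or its Python API, and the chunked "TOYF" file format, the `toy_parser` target and the branch names it reports are all constructed for the illustration. The point it shows is the one the talk makes: when the fuzzer knows the format, mutation and crossover operate on typed fields and whole chunks rather than on arbitrary bytes, and a coverage-like fitness signal decides which test files survive.

```python
"""Toy knowledge-based evolutionary fuzzer (illustration, not Choronzon's API).

Constructed target format: 4-byte magic "TOYF", then chunks of
(type: 1 byte, length: 2 bytes little-endian, payload). The fuzzer knows this
structure, so its genes are chunks, not bytes."""
import random
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Set

MAGIC = b"TOYF"


@dataclass
class Chunk:
    """One gene: a typed chunk. declared_len=None means 'consistent with payload';
    a different value lets the fuzzer emit deliberately inconsistent lengths."""
    ctype: int
    payload: bytes
    declared_len: Optional[int] = None

    def serialize(self) -> bytes:
        length = len(self.payload) if self.declared_len is None else self.declared_len
        return struct.pack("<BH", self.ctype & 0xFF, length & 0xFFFF) + self.payload


@dataclass
class Chromosome:
    """One test file: a sequence of chunk genes behind a valid magic."""
    chunks: List[Chunk] = field(default_factory=list)

    def serialize(self) -> bytes:
        return MAGIC + b"".join(c.serialize() for c in self.chunks)


def toy_parser(data: bytes) -> Set[str]:
    """Constructed target. Returns the set of branch ids it executed, standing in
    for the coverage feedback a real fuzzer gets from instrumentation."""
    cov = set()
    if data[:4] != MAGIC:
        cov.add("bad_magic")
        return cov
    cov.add("magic_ok")
    pos = 4
    while pos + 3 <= len(data):
        ctype, length = struct.unpack_from("<BH", data, pos)
        pos += 3
        payload = data[pos:pos + length]
        if len(payload) < length:          # declared length runs past the file
            cov.add("truncated")
            break
        pos += length
        if ctype == 1:
            cov.add("text_chunk")
            if b"\x00" in payload:
                cov.add("text_nul")
        elif ctype == 2:
            cov.add("num_chunk")
            if length != 4:
                cov.add("num_bad_len")
            elif struct.unpack("<I", payload)[0] > 0x7FFFFFFF:
                cov.add("num_huge")
        else:
            cov.add("unknown_chunk")
    cov.add("end")
    return cov


def mutate(chrom: Chromosome, rng: random.Random) -> Chromosome:
    """Format-aware mutation: change a field's value, not a random byte offset."""
    new = Chromosome([Chunk(c.ctype, c.payload, c.declared_len) for c in chrom.chunks])
    if not new.chunks or rng.random() < 0.2:
        new.chunks.append(Chunk(rng.choice([1, 2, 0x7F]),
                                bytes(rng.randrange(256) for _ in range(rng.randrange(6)))))
        return new
    c = rng.choice(new.chunks)
    op = rng.randrange(4)
    if op == 0:
        c.ctype = rng.choice([0, 1, 2, 3, 0xFF])
    elif op == 1:   # boundary lengths are where length-prefixed parsers break
        c.declared_len = rng.choice([0, 1, 4, len(c.payload) + 1, 0xFFFF])
    elif op == 2:
        c.payload = bytes(rng.randrange(256) for _ in range(rng.choice([0, 1, 4, 8])))
    else:
        c.declared_len = None
    return new


def crossover(a: Chromosome, b: Chromosome, rng: random.Random) -> Chromosome:
    """Exchange whole chunks between parents so children stay structurally valid."""
    i = rng.randrange(len(a.chunks) + 1)
    j = rng.randrange(len(b.chunks) + 1)
    return Chromosome(a.chunks[:i] + b.chunks[j:])


def evolve(seed: Chromosome, generations: int = 30, pop_size: int = 16, rng_seed: int = 1):
    """Feedback-driven loop: a child survives only if it reaches a branch no
    earlier test file reached. Returns (total coverage, surviving population)."""
    rng = random.Random(rng_seed)
    population = [seed]
    global_cov = set(toy_parser(seed.serialize()))
    for _ in range(generations):
        children = []
        for _ in range(pop_size):
            parent = rng.choice(population)
            if rng.random() < 0.7:
                child = mutate(parent, rng)
            else:
                child = crossover(parent, rng.choice(population), rng)
            cov = toy_parser(child.serialize())
            if cov - global_cov:            # fitness: new coverage
                global_cov |= cov
                children.append(child)
        population.extend(children)
    return global_cov, population


if __name__ == "__main__":
    coverage, survivors = evolve(Chromosome([Chunk(1, b"hi")]))
    print(sorted(coverage), "survivors:", len(survivors))
```

Two things to notice. Every generated file starts with a valid magic, so the `bad_magic` branch is never exercised: a format-aware fuzzer spends no budget on inputs the target rejects in its first comparison, which is where a byte-flipping fuzzer wastes much of its time. Conversely, the `declared_len` gene lets it produce inconsistent length fields on purpose, so the interesting `truncated` and `num_bad_len` paths are reached by design rather than by chance.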
You may find the slide deck here.
The conference was a fun experience with a lot of interesting content this year. Many thanks to the organizing committee, as well as the team of volunteers for all their efforts to ease our stay in Moscow and facilitate our talk.