Security Consultant at SEC Consult
René Freingruber has been working as a professional security consultant for SEC Consult for several years. He conducts research in the fields of malware analysis, reverse engineering, fuzzing and exploit development. He studies modern mitigation techniques and how they can be bypassed by attackers. In the course of that research he came across Microsoft's Enhanced Mitigation Experience Toolkit and gave various talks about its insecurity at conferences such as RuxCon, ToorCon, ZeroNights, DeepSec, 31C3 and NorthSec. He also presented talks about application whitelisting at CanSecWest, DeepSec, IT-SeCX, BSides Vienna, QuBit, NorthSec and Hacktivity, and on the topic “hacking firewalls” at DeepSec, BSides Vienna, DSS ITSEC and IT-SeCX (with lightning talks on the topic at Hack.lu and Recon Europe).
Fuzzing closed source applications
Fuzzing is a very powerful technique to detect flaws and vulnerabilities in software. The aim of this talk is to demonstrate different techniques which can be used to fuzz closed-source applications or libraries. Choosing the correct and most effective fuzzing technique will be discussed with real-world examples. Moreover, hints regarding common problems and pitfalls during fuzzing will be given. A special focus of the talk is fuzzing of closed-source applications, and therefore reverse engineering techniques and tricks will be demonstrated to find the most important addresses for fuzzing in the target application.