Hackers of India

FuzzCube

By Anto Joseph on 06 Mar 2020 @ Nullcon
πŸ’» Source Code πŸ”— Link
fuzzing kubernetes cloud zero-day
Focus Areas: Cloud Security , Penetration Testing , Vulnerability Management
This Tool Demo covers following tools where the speaker has contributed or authored
FUZZCUBE

Abstract

Fuzzing over the ages has improved in tooling, logic, and process, but is still a number-crunching problem! You are improving your odds by throwing more CPU power at it. How do we make it happen without hacking through custom solutions that cannot be reused? This got me thinking: β€œEnter FuzzCube - Batteries Included! β€œ FuzzCube comes with State Sharing Features, Mutation Engines and Crash Verification tools that you could leverage in your projects. It leverages Kubernetes for its infrastructure orchestration capabilities. Using Kubernetes operators, we abstract the complexity of deploying a fuzzing infrastructure with distributed high throughput workloads, fault tolerance, storage orchestration, and high scalability. We will practise distributed fuzzing in the era of Cloud Native Computing and use our new skills to find some 0days ;)