NorthSec 2021

Dhiraj Mishra

An active speaker who has discovered multiple zero-days in modern web browsers and an open-source contributor. He is a trainer at BlackHat and has presented at conferences such as Ekoparty, Hacktivity, PHDays & HITB. In his free time, he blogs at and tweets on @RandomDhiraj.

What is your title?

Senior Security Consultant

What is your company/affiliation(s)?

Cognosec DMCC


Introduction to fuzzing
Dhiraj Mishra

This workshop gives the audience a detailed overview of blind, input-based fuzzing and finding memory bugs, diving into topics such as:

Intro to Fuzzing: The fundamentals of fuzzing, understanding why fuzzing is needed and how to make the fuzzing process efficient.

Smart Fuzzing: We will look at using american fuzzy lop (AFL), which demonstrates the process of compile-time instrumentation. We will understand AFL's color coding, process timing, stages, findings, yields, path geometry and stability. We will integrate AddressSanitizer and MemorySanitizer (ASAN/MSAN), which help in identifying address and memory corruption bugs, making the process smarter.

Triage Analysis: We look at the PoCs generated by AFL during the fuzzing process, attaching them to the actual binaries to see how the input is handled by the binaries.

Vulnerability research