{"id":136,"date":"2009-01-18T17:26:27","date_gmt":"2009-01-18T16:26:27","guid":{"rendered":"http:\/\/172.22.49.24\/?p=136"},"modified":"2009-01-18T17:26:27","modified_gmt":"2009-01-18T16:26:27","slug":"keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/","title":{"rendered":"Keynote SSTIC 2009 \u2013 Fuzzgrind: an automatic fuzzing tool"},"content":{"rendered":"<p>Presentation :\u00a0<strong>Gabriel CAMPANA<\/strong><\/p>\n<p><span style=\"text-decoration: underline;\">Main purpose of the tool:<\/span>\u00a0To make fuzzing completely automatic.<br \/>\n<strong>Starting from a single symbolic execution<\/strong>, It is capable of extrapolating other tests, by reversing each condition of the data path.<br \/>\nHowever, it is not feasible to check all the conditions, since the number of possibilities quickly becomes too large. Compromises will have to be found.<\/p>\n<p>The tool is based on\u00a0<strong>Valgrind\u00a0<\/strong>And\u00a0<strong>PLEASE<\/strong>.<br \/>\nValgrind for real-time code analysis.<br \/>\nSTP is a constraint solver. It takes as input a query composed of one or more constraints. The output indicates whether the query is satisfactory or not (providing a counterexample if necessary). In this way, the conditions for reaching a specific point in the execution path can be found.<\/p>\n<p>Valgrind (using a plugin) will filter the data (taint data) related to our input, then the intermediate representation will be analyzed, and possibly new inputs will be calculated for the following tests, and so on until all data paths have been checked.<\/p>\n<p>The tool found many known vulnerabilities in just a few minutes. It is particularly powerful for libraries.<\/p>","protected":false},"excerpt":{"rendered":"<p>Presentation: Gabriel CAMPANA Main purpose of the tool: To make fuzzing completely automatic. Starting from a [\u2026]<\/p>","protected":false},"author":10,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,22],"tags":[65],"class_list":["post-136","post","type-post","status-publish","format-standard","hentry","category-evaluation-securite","category-veille-securite","tag-sstic"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Keynote SSTIC 2009 - Fuzzgrind : un outil de fuzzing automatique - INTRINSEC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Keynote SSTIC 2009 - Fuzzgrind : un outil de fuzzing automatique\" \/>\n<meta property=\"og:description\" content=\"Pr\u00e9sentation :\u00a0Gabriel CAMPANA But principal de l&rsquo;outil :\u00a0Rendre compl\u00e8tement automatique le fuzzing. A partir d&rsquo;une [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2009-01-18T16:26:27+00:00\" \/>\n<meta name=\"author\" content=\"Cyrille BARTHELEMY\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:site\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cyrille BARTHELEMY\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\\\/\"},\"author\":{\"name\":\"Cyrille BARTHELEMY\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/4d0993f0e377e77d13e97f623123e109\"},\"headline\":\"Keynote SSTIC 2009 &#8211; Fuzzgrind : un outil de fuzzing automatique\",\"datePublished\":\"2009-01-18T16:26:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\\\/\"},\"wordCount\":232,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"keywords\":[\"SSTIC\"],\"articleSection\":[\"S\u00e9curit\u00e9 offensive &amp; Audit\",\"Veille S\u00e9curit\u00e9\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\\\/\",\"name\":\"Keynote SSTIC 2009 - Fuzzgrind : un outil de fuzzing automatique - INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"datePublished\":\"2009-01-18T16:26:27+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Keynote SSTIC 2009 &#8211; Fuzzgrind : un outil de fuzzing automatique\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\",\"name\":\"INTRINSEC\",\"alternateName\":\"ISEC\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"width\":1322,\"height\":1322,\"caption\":\"INTRINSEC\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Intrinsec\",\"https:\\\/\\\/fr.linkedin.com\\\/company\\\/intrinsec\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC0trUZAHNZOUbxYnNdecM4A\"],\"description\":\"soci\u00e9t\u00e9 de consulting, pure player cybers\u00e9curit\u00e9 fran\u00e7ais et europ\u00e9en depuis plus de 30ans, sp\u00e9cialiste dans la s\u00e9curit\u00e9 offensive & audit (pentest\\\/red team), GRC, et services IMSS comme le SOC, CTI et CERT Intrinsec est qualifi\u00e9 PASSI Elev\u00e9, PRIS Elev\u00e9 et PACS par l'ANSSI\",\"email\":\"contact@intrinsec.com\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/4d0993f0e377e77d13e97f623123e109\",\"name\":\"Cyrille BARTHELEMY\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g\",\"caption\":\"Cyrille BARTHELEMY\"},\"sameAs\":[\"https:\\\/\\\/www.intrinsec.com\"],\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/cby\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Keynote SSTIC 2009 - Fuzzgrind: an automatic fuzzing tool - INTRINSEC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/","og_locale":"en_US","og_type":"article","og_title":"Keynote SSTIC 2009 - Fuzzgrind : un outil de fuzzing automatique","og_description":"Pr\u00e9sentation :\u00a0Gabriel CAMPANA But principal de l&rsquo;outil :\u00a0Rendre compl\u00e8tement automatique le fuzzing. A partir d&rsquo;une [&hellip;]","og_url":"https:\/\/www.intrinsec.com\/en\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/","og_site_name":"INTRINSEC","article_published_time":"2009-01-18T16:26:27+00:00","author":"Cyrille BARTHELEMY","twitter_card":"summary_large_image","twitter_creator":"@Intrinsec","twitter_site":"@Intrinsec","twitter_misc":{"Written by":"Cyrille BARTHELEMY","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/"},"author":{"name":"Cyrille BARTHELEMY","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/4d0993f0e377e77d13e97f623123e109"},"headline":"Keynote SSTIC 2009 &#8211; Fuzzgrind : un outil de fuzzing automatique","datePublished":"2009-01-18T16:26:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/"},"wordCount":232,"commentCount":0,"publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"keywords":["SSTIC"],"articleSection":["S\u00e9curit\u00e9 offensive &amp; Audit","Veille S\u00e9curit\u00e9"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intrinsec.com\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/","url":"https:\/\/www.intrinsec.com\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/","name":"Keynote SSTIC 2009 - Fuzzgrind: an automatic fuzzing tool - INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"datePublished":"2009-01-18T16:26:27+00:00","breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/keynote-sstic-2009-fuzzgrind-un-outil-de-fuzzing-automatique\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"Keynote SSTIC 2009 &#8211; Fuzzgrind : un outil de fuzzing automatique"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intrinsec.com\/#organization","name":"INTRINSEC","alternateName":"ISEC","url":"https:\/\/www.intrinsec.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","width":1322,"height":1322,"caption":"INTRINSEC"},"image":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Intrinsec","https:\/\/fr.linkedin.com\/company\/intrinsec","https:\/\/www.youtube.com\/channel\/UC0trUZAHNZOUbxYnNdecM4A"],"description":"Intrinsec, a consulting firm and pure-play French and European cybersecurity provider for over 30 years, specializes in offensive security and auditing (penetration testing\/red teams), GRC, and IMSS services such as SOC, CTI, and CERT. Intrinsec is qualified at PASSI High, PRIS High, and PACS levels by ANSSI.","email":"contact@intrinsec.com"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/4d0993f0e377e77d13e97f623123e109","name":"Cyrille BARTHELEMY","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g","caption":"Cyrille BARTHELEMY"},"sameAs":["https:\/\/www.intrinsec.com"],"url":"https:\/\/www.intrinsec.com\/en\/author\/cby\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/136","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=136"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/136\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=136"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}