No App No Problem: Learning and Fuzzing Library Usage Automatically
Fuzzing is a proven technique for uncovering vulnerabilities, but libraries remain hard to fuzz due to the need for specialized drivers. Manual drivers are costly and stall at coverage plateaus, while automated solutions often waste effort on invalid code paths. libErator builds API chains from static analysis, probes them, and crucially learns from rejection by avoiding invalid sequences in future attempts. This feedback-driven approach rapidly converges on valid, diverse drivers, balancing generation and testing. Across 15 C libraries, libErator uncovered 24 confirmed bugs.
About the speaker
Dr. Nicolas Badoux
Nicolas Badoux is a PhD graduate in software security from HexHive @ EPFL with expertise in low-level protection mechanisms, automated vulnerability detection, and security design.
His research focused on library fuzzing and compiler-based mitigations for the C++ language.
Curious by nature, he loves to understand how things work and where their weakest points are.