Fuzzing Interns

August 20, 2015

TL;DR: our awesome interns got a 9.5 (out of 10) for building an awesome FSM Learner and Fuzzer, which we open-sourced. Check it out. :)

SECURITY! Almost half a year ago we thought: how cool would it be if we let a small group of students loose on our systems? Let them bash in whatever they can bash in. Best case scenario, they find a lot of flaws; worst case, they confirm that our systems are as good as we think they are.

And so the 'Delft Boys' started. Three guys doing their bachelor's in Computer Science who 1) wanted to have a kickass project to work on and 2) wanted to have fun. And so they did. For three months they tried to bash in our walls. Well, at least they tried. Although they did not penetrate our security, they did find some bugs (also read our piece about fucking fatals).

During the project they not only tried out various penetration methods, but also developed two tools: an FSM Learner that generates finite state machines and, even cooler, a fuzzer for mobile applications. What does a fuzzer do? It generates random data that fucks with everything that the environment has to offer. Automatically. That's what makes it cool.

Anyway, they received a whopping 9.5 (out of 10) for their report (yes guys, we're proud). We also felt that the tools the guys built should be shared with the world. That's why, in close alignment with the Delft Boys and TU Delft, we made the decision to open-source the fuzzer and FSM learner application. This way others can build on their hard and awesome work. Check it out!