Life of an Exploit: Fuzzing PDFCrack with AFL for 0days

Way back in April I did the first of our series of "0-day live streams" where we found brand new 0-day vulnerabilities in a piece of software called PDFCrack and exploited one of them. This video is a condensed explanation of the vulnerabilities and the process we used to find them, as well as a discussion about why AFL was able to find one much more easily than the other.

If you enjoyed this video and want more details into the process and techniques used to find and exploit these vulnerabilities, watch the full set of stream recordings here:    • 0-day streams: pdfcrack  

For more content like this, the normal schedule for live streams are Mondays at 7 PM and Wednesday at 4 PM, both times Eastern, although the most up to date schedule is available on Twitter.

Links:

Ropper: https://github.com/sashs/Ropper
Twitter:   / murmusctf  
Github: https://github.com/murmus