Talk Title: Practical Application of Fuzzing – Finding CVE-2021-3376

Download Slides


Yi Tian is a current member of NUS Greyhats, and a former intern of Star Labs. During his internship with Star Labs, he wrote fuzzers and harnesses and found an information disclosure vulnerability in Windows Media Foundation, CVE-2021-33760. Fuzzing is often misunderstood and through this presentation, we hope to enlighten you on just what goes into building a harness and running a fuzzer. We’ll also take a quick look at a real-world CVE discovered using a fuzzer, shedding light on the practical application of fuzzers.