One Click to Launch Them All: A Single Source for Centralized Fuzzing | Alejo Moles

August 9 | 1:00pm - 2:00pm

ABSTRACT:

PinguCrew is a web-based fuzzer platform that allows security researchers to test their software for vulnerabilities in a scalable and efficient manner. The tool is inspired by the ClusterFuzz tool but aims to remove any cloud service dependencies by running the tests within the user's own network.

Unlike ClusterFuzz, which requires users to use a third-party hosting platform, PinguCrew runs the tests on the user's own machines, giving them full control over the fuzzing process. This allows for more customization and flexibility, as users can set up their own testing environments with their desired configurations and testing parameters.

PinguCrew is designed to be highly modular, enabling users to easily integrate new fuzzer tools or modify existing ones to match their specific needs. The tool is built using a microservices architecture, with a Frontend using ReactJS to handle the user interface, a Backend using Django Python to handle server-side tasks and a Python worker bot to execute the fuzzer test cases.

PinguCrew also provides users with a Butler script to automate many of the common tasks involved in running and managing fuzzers, including deployments, executions, and tracking test results. This makes it easier for security researchers to focus on their research, without having to worry about the technical details of running and analyzing fuzzing tests.

Alejo Moles, Senior Security Consultant

With expertise in reverse engineering, penetration testing and software development, Alejo Moles Ramos is adept at malware analysis, countermeasure development, and reporting. With a master’s degree in cybersecurity, Alejo’s passion for research, together with analytical and organization skills, have helped him to expand his knowledge base while serving a constantly widening client base, from financial institutions to utilities.