Lucas Amorim

Lucas Amorim

Senior Vulnerability Researcher at Palo Alto Networks

Lucas Amorim is a senior security engineer with large experiences in application security and exploit development. For the past 4 years, he has been dedicated to vulnerability management and researching.

Presentation Abstract

Fuzzing Python Native Extensions

These days, most companies rely on high-level languages such as Python, Ruby, PHP, and others to build their products. One of the most significant benefits these languages bring is that developers don’t have to worry about memory safety. They can just sit down and write code without worrying about allocating and freeing memory. However, we also know that these languages provide interfaces to build native extensions (usually written in C or C++) for image parsing/management and other CPU-intensive tasks. In this talk, we will discuss how to build fuzzers to test and find bugs in these extensions. We will primarily focus on Python, but we will also discuss other languages.