Open Source Fuzzing Tools

Fuzzing is a funny thing and often misunderstood. A fuzzer is a tool used to produce a result, not the result itself, although the development of the fuzzer is often treated as the end of the story. The intended result of a fuzzer run is to expose some sort of flaw in a software application that can be used to subvert the internal workings of the application and of the operating system. To make the most of the consequences of a fuzzer run, a researcher must be able to gather all the information possible about the state of the application, the output the fuzzer produces, and other seemingly small pieces of information that can make the difference between a successful exploit discovery and just another software bug. To do this properly, a researcher must have a well-constructed environment that allows the capture of as much useful information as possible. An environment like this is not built by accident; it requires a lot of time and conscious thought up front. Although informative steps for building a good fuzzer, using a variety of different methods, have been discussed, there has yet to be a good document on how to build a good fuzzing environment.
Before you configure the operating system or even write a basic tool, the first thing to do is consider the goal or intent of the testing. One of the basic questions to answer first is: what is being tested? The type of code to be...