Explore ClusterFuzz, the world's largest publicly known fuzzing infrastructure, in this Black Hat conference talk. Discover how Google overcame the challenges of operating a system running over 25,000 cores and 2,500 targets, which has uncovered more than 8,000 security vulnerabilities across Google products and 200 open source projects. Learn about ClusterFuzz's history, debunk common fuzzing myths, and understand the ideal fuzzing workflow. Dive into blackbox fuzzing techniques, AFL fuzzer examples, and strategies for educating developers. Examine the build pipeline, optimization methods, and the intricacies of fuzzing bots and targets. Gain insights into corpus management, search strategies, crash deduplication, and continuous analysis across versions. Explore crash reporting, prioritization, and verification techniques. Investigate applications in Chrome and open source security, and consider future developments in fuzzing technology. Review the key takeaways and follow a Q&A session covering concurrency issues, bugs, corpus sharing, and the biggest challenges faced in building a simple yet powerful fuzzing infrastructure.