by pjc50 2951 days ago
There's never just one cockroach.

Likewise, once a technique has been successfully used to exploit one piece of software, there's a lot of mileage in just trying that technique against everything else.

There's also the "try everything" option of fuzzing; the default tool for this is "afl-fuzz", which is automated once you've set up the target in a suitable configuration.

Generally there are three strategies:

- try to get some executable machine code in from outside and run it (buffer overrun, use-after-free etc)

- look at the set of files and data considered "trusted" and put something untrustworthy in there (XSS, DLL injection, /tmp exploits)

- attack the hardware (JTAG, power analysis, key exfiltration)
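An added example, not part of pjc50's comment, of what "setting up the target in a suitable configuration" for afl-fuzz means in practice: a small parser for a hypothetical length-prefixed record format, wrapped in a harness that takes each test case on stdin, does nothing non-deterministic, and bounds-checks every read so that a malformed input yields an error code rather than a crash. The record format, the function names and the error codes are all assumptions made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format (constructed for this example):
 *   [1-byte tag][1-byte len][len bytes of payload]
 * records are concatenated back to back. */
typedef struct {
    uint8_t tag;
    uint8_t len;
    uint8_t payload[255]; /* 255 is the largest value a 1-byte len can hold */
} record_t;

/* Parse one record from the front of buf[0..n).
 * Returns 0 on success or a negative status code on a malformed input.
 * Every read is checked against n *before* it happens; dropping the
 * check on the payload length is exactly the kind of defect a fuzzer
 * turns into a crash within seconds. */
int parse_record(const uint8_t *buf, size_t n, record_t *out)
{
    if (buf == NULL || out == NULL) return -1;
    if (n < 2) return -2;                  /* header incomplete */
    uint8_t tag = buf[0];
    uint8_t len = buf[1];
    if (tag != 0x01 && tag != 0x02) return -3; /* unknown tag */
    if ((size_t)len + 2 > n) return -4;   /* payload runs past the input */
    out->tag = tag;
    out->len = len;
    memcpy(out->payload, buf + 2, len);   /* safe: len + 2 <= n was checked */
    return 0;
}

/* Walk a whole stream of records. Returns the number of well-formed
 * records (>= 0), or the negative status of the first malformed one. */
int parse_stream(const uint8_t *buf, size_t n)
{
    int count = 0;
    size_t off = 0;
    while (off < n) {
        record_t r;
        int rc = parse_record(buf + off, n - off, &r);
        if (rc != 0) return rc;
        off += 2 + (size_t)r.len;
        count++;
    }
    return count;
}

/* Harness entry point: afl-fuzz feeds one mutated test case per run on
 * stdin. Read it into a bounded buffer and hand it to the parser. */
int main(void)
{
    static uint8_t buf[1 << 16];          /* fixed cap; excess input is ignored */
    size_t n = fread(buf, 1, sizeof buf, stdin);
    int rc = parse_stream(buf, n);
    printf("parse_stream: %d\n", rc);
    return 0;                             /* a non-crash exit means "no finding" */
}
```

Build it with the AFL compiler wrapper (`afl-gcc` or `afl-clang-fast`), put a couple of well-formed records in a seed directory, and run `afl-fuzz -i seeds -o findings -- ./harness`. Because the harness has no file I/O, no network and no randomness, every crash afl reports is reproducible by piping the saved input back into the binary.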