[hguant]

>They just start trying things they think will flummox the software.

This works...until you go against a target that's heard of fuzzing before and has the time and money to do it to their own code.

The really interesting Windows exploits require a combination of "throwing stuff that will flummox the software" and a deep level understanding of structures hidden to the average developer. Look at Yardin Shafir's really wonderful blog post about developing a kernel bug to a PoC - there's a lot of moving parts and security checks in modern windows, and having the source is a HUGE help.

[muricula]

Yardin Shafir's excellent blog post started with a bug found purely through fuzzing by an MS employee security researcher.

[kevinarpe]

I tried Googling to find this blog post. Did you mean to write Yarden Shafir? If yes, maybe it was this blog post? https://windows-internals.com/printdemon-cve-2020-1048/

I also found another hint about their findings in this PDF written by Yarden's co-researcher Alex Ionescu: https://www.usenix.org/system/files/woot20_slides_ionescu.pd.... One of the slides specifically mentions the use of fuzzing tools to find these issues.

If there are other, better links I don't know about, please kindly share. :)

[muricula]

Forgot to check for replies. In particular, I was thinking of this blog post: https://windows-internals.com/exploiting-a-simple-vulnerabil... Thanks for the correction, sorry I typoed her name.

Here's a tweet from the original finder: https://twitter.com/gabe_k/status/1330966182543777792?s=20

Yarden & Ionescu's work are both really top notch. Also anything by Google Project Zero if you want to do a deep dive on the subject.