At GRIMM, we are always trying out new tools to build our capabilities in vulnerability research. We frequently use fuzzing to search for bugs in applications, but there are some bugs a fuzzer alone would not be able to find. So, we were excited to try out Driller, a tool written by Shellphish. Driller uses symbolic execution to find new parts of the code to fuzz, helping the fuzzer to find bugs that it might not have reached otherwise.
One of the things that is important to us at GRIMM is making sure there is time to experiment, and explore new ways of approaching problems. We want to answer the big questions like “How can we find vulnerabilities that other tools and manual analysis has overlooked?” This is what we are passionate about. So when one of our engineers has an idea for a new fuzzer, we try to make time for them to put their idea to the test.