[摘要] In this thesis, I designed and implemented Confuzzer, a system that fuzzes certain classes of closed source binaries using Concolic Execution techniques in order to find vulnerable inputs into programs that could be leveraged by attackers to compromise systems that the binary might be running on. The design of this system allows improved performance on fuzzing programs that have a large branching factor or are heavily based on complex conditionals determining control flow. The system is designed around a Taint/Crash Analysis tool combined with a Path Exploration system to generate symbolic representations of the paths, generating a new set of inputs to be tested. These are implemented using a combination of Intel PIN for the Taint Analysis and Python/z3 for the Path Exploration. Results show that while this system is very slow in instrumenting each run of the binary, we are able to reduce the search space to a manageable level compared to other existing tools.