Practical Guide to Fuzzing Programs with AFL

Slide Note
Embed
Share

Explore the process of fuzzing a real program using American Fuzzy Lop (AFL) with NASM, a popular Netwide Assembler. Learn how to obtain AFL and NASM, create test samples, minimize samples, start the fuzzer, and receive tips for successful fuzzing. Embrace the journey that may take days, weeks, or even years to complete.

ngo_dri
ngo_dri Follow

Uploaded on Sep 14, 2024 | 2 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Fuzzing a Real Program With AFL

  2. Lets Fuzz NASM NASM: Netwide Assembler Chosen because Source code is readily available Compiles quickly and easily Simple enough to create test cases Complex enough to give us lots to fuzz Code is a bit rough (Might find real 0days! :) )

  3. Obtain AFL Download the latest build wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz Extract it tar xzvf afl-latest.tgz Build it cd afl-[version]/ make

  4. Obtain NASM Download git clone https://github.com/letolabs/nasm.git Build with AFL cd nasm ./autogen.sh CC=/path/to/afl-gcc ./configure make

  5. Create Some Samples mkdir in out nano in/1.asm in/2.asm in/3.asm ...

  6. Optional: Minimize Your Samples for F in $(ls in/); do /path/to/afl-tmin -i in/$F -o in/$F.min \ /path/to/nasm -f elf -o /dev/null @@ done

  7. Start The Fuzzer /path/to/afl-fuzz -i in -o out \ /path/to/nasm -f elf -o /dev/null @@

  8. Good Luck ! This can take days... weeks... years... Let it complete at least >25 cycles If it s taking too long, shrink your samples

Related


Fuzzing Cows: The No Bull Talk on Fuzzing Security

Fuzzing Cows: The No Bull Talk on Fuzzing Security

tice_gan
Effective Workflow for Vulnerability Research in Production Environments

Effective Workflow for Vulnerability Research in Production Environments

despina
Maximizing Student Engagement Through Ongoing Assessment in the MFL Classroom

Maximizing Student Engagement Through Ongoing Assessment in the MFL Classroom

dans308
Create Your AFL Box for Effective Classroom Assessment

Create Your AFL Box for Effective Classroom Assessment

aarav
Fuzzing Review and Test Case Prioritization Strategies

Fuzzing Review and Test Case Prioritization Strategies

indiana
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities

HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities

decimus
Finding Bugs in P4 Compilers

Finding Bugs in P4 Compilers

junaid
Pre-Collegiate and Youth Programs at University Level Spring 2019

Pre-Collegiate and Youth Programs at University Level Spring 2019

saon804
Comprehensive Guide to Volleyball Programs and Regulations

Comprehensive Guide to Volleyball Programs and Regulations

cato
Training on Competence-Based Education and Practical Assignments

Training on Competence-Based Education and Practical Assignments

kasen
Community Programs and Service Fund (Fund 80) Overview

Community Programs and Service Fund (Fund 80) Overview

blaine
Exploring Dual Credits and Cooperative Education Programs

Exploring Dual Credits and Cooperative Education Programs

zayaan
Comparison Between NPQ Stand-Alone Programs and Apprenticeship Programs with NPQs

Comparison Between NPQ Stand-Alone Programs and Apprenticeship Programs with NPQs

cara
Mission and Vision in Recreational Therapy Programs

Mission and Vision in Recreational Therapy Programs

clinepo
Understanding the Objectives of Online Laboratories in STEM Education

Understanding the Objectives of Online Laboratories in STEM Education

cai_ald
Changing Landscape of Science Education in England

Changing Landscape of Science Education in England

brer175
Michigan OTA Programs

Michigan OTA Programs

morwenna
NHS People Support Programs for Health and Wellbeing

NHS People Support Programs for Health and Wellbeing

kendrick
Greater Horizon Training Institute - Allied Health Programs

Greater Horizon Training Institute - Allied Health Programs

aviva
Enhancing Library Programs Through Action Research and Effective Communication

Enhancing Library Programs Through Action Research and Effective Communication

foly520
Rancho Mirage High School Information and Programs

Rancho Mirage High School Information and Programs

egan
NRCS Programs Update

NRCS Programs Update

aron
Overview of COVID Relief Funds for K-12 Education Programs ESSER & ARP ESSER

Overview of COVID Relief Funds for K-12 Education Programs ESSER & ARP ESSER

etienne
NYSERDA Energy Efficiency Programs for Agriculture

NYSERDA Energy Efficiency Programs for Agriculture

jalen

More Related Content

Early College Programs at UMass: Pathways to Success
Early College Programs at UMass: Pathways to Success
California Educator Preparation Programs: Highlights and Trends 2022-2023
California Educator Preparation Programs: Highlights and Trends 2022-2023
Analysis and Reporting for ESBOCES CTE Programs
Analysis and Reporting for ESBOCES CTE Programs
Understanding ERMHS Programs and Funding
Understanding ERMHS Programs and Funding
Property Tax Relief Programs in New Jersey
Property Tax Relief Programs in New Jersey
Provider Training Programs for Event Management Alignment
Provider Training Programs for Event Management Alignment
Enhancing TVET Programs for Student Employability and Transition to PSET
Enhancing TVET Programs for Student Employability and Transition to PSET
Understanding Special Populations Students in CTE Programs
Understanding Special Populations Students in CTE Programs
Legal and Policy Foundations of VA's Homeless Programs
Legal and Policy Foundations of VA's Homeless Programs
United States Department of Labor Benefits Programs Overview
United States Department of Labor Benefits Programs Overview
Performers and Programs Database Webinar - Overview and Features
Performers and Programs Database Webinar - Overview and Features
Evolution of School Nutrition Programs in the United States
Evolution of School Nutrition Programs in the United States
Office of Native American Programs at the U.S. Department of Housing and Urban Development
Office of Native American Programs at the U.S. Department of Housing and Urban Development
Effective Implementation of Civil Citation and Prearrest Diversion Programs in Florida
Effective Implementation of Civil Citation and Prearrest Diversion Programs in Florida
Understanding Computer Software and Operating Systems
Understanding Computer Software and Operating Systems
Pre-Collegiate and Youth Programs: Ensuring Program Standards and Risk Management
Pre-Collegiate and Youth Programs: Ensuring Program Standards and Risk Management
Eighth Judicial District Specialty Court Programs in Clark County
Eighth Judicial District Specialty Court Programs in Clark County
Education Equity Programs Overview at Penn State
Education Equity Programs Overview at Penn State
Information on Special Programs System and Afterschool Meal Services
Information on Special Programs System and Afterschool Meal Services
Overview of Royal Police Academy Training Programs
Overview of Royal Police Academy Training Programs
Understanding Project Loading Processes in ELF Programs
Understanding Project Loading Processes in ELF Programs
Math Enrichment Programs at Carleton: Inspiring Excellence in Mathematics
Math Enrichment Programs at Carleton: Inspiring Excellence in Mathematics
Rural Education Achievement Programs: SRSA and RLIS Introduction
Rural Education Achievement Programs: SRSA and RLIS Introduction
Enhancing Mathematics Education: Innovations and Quality Programs
Enhancing Mathematics Education: Innovations and Quality Programs