Practical Guide to Fuzzing Programs with AFL

Practical Guide to Fuzzing Programs with AFL
Slide Note
Embed
Share

Explore the process of fuzzing a real program using American Fuzzy Lop (AFL) with NASM, a popular Netwide Assembler. Learn how to obtain AFL and NASM, create test samples, minimize samples, start the fuzzer, and receive tips for successful fuzzing. Embrace the journey that may take days, weeks, or even years to complete.

  • Fuzzing
  • AFL
  • NASM
  • Netwide Assembler
  • Security
ngo_dri
ngo_dri Follow

Uploaded on Sep 14, 2024 | 2 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Fuzzing a Real Program With AFL

  2. Lets Fuzz NASM NASM: Netwide Assembler Chosen because Source code is readily available Compiles quickly and easily Simple enough to create test cases Complex enough to give us lots to fuzz Code is a bit rough (Might find real 0days! :) )

  3. Obtain AFL Download the latest build wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz Extract it tar xzvf afl-latest.tgz Build it cd afl-[version]/ make

  4. Obtain NASM Download git clone https://github.com/letolabs/nasm.git Build with AFL cd nasm ./autogen.sh CC=/path/to/afl-gcc ./configure make

  5. Create Some Samples mkdir in out nano in/1.asm in/2.asm in/3.asm ...

  6. Optional: Minimize Your Samples for F in $(ls in/); do /path/to/afl-tmin -i in/$F -o in/$F.min \ /path/to/nasm -f elf -o /dev/null @@ done

  7. Start The Fuzzer /path/to/afl-fuzz -i in -o out \ /path/to/nasm -f elf -o /dev/null @@

  8. Good Luck ! This can take days... weeks... years... Let it complete at least >25 cycles If it s taking too long, shrink your samples

Related


Fuzzing Review and Test Case Prioritization Strategies

Fuzzing Review and Test Case Prioritization Strategies

indiana
Community Programs and Service Fund (Fund 80) Overview

Community Programs and Service Fund (Fund 80) Overview

blaine
Online placement training programs for engineering students

Online placement training programs for engineering students

stalin1
What is the importance of upskilling programs for students?

What is the importance of upskilling programs for students?

stalin1
Effective Workflow for Vulnerability Research in Production Environments

Effective Workflow for Vulnerability Research in Production Environments

despina
Caterpillar Cat CP-663E CS-663E Vibratory Compactor (Prefix AFL) Service Repair Manual Instant Download (AFL00001 and up)

Caterpillar Cat CP-663E CS-663E Vibratory Compactor (Prefix AFL) Service Repair Manual Instant Download (AFL00001 and up)

Douglas2
Create Your AFL Box for Effective Classroom Assessment

Create Your AFL Box for Effective Classroom Assessment

aarav
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities

HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities

decimus
Training on Competence-Based Education and Practical Assignments

Training on Competence-Based Education and Practical Assignments

kasen
Comprehensive Guide to Volleyball Programs and Regulations

Comprehensive Guide to Volleyball Programs and Regulations

cato
Dual Credits and Cooperative Education Programs

Dual Credits and Cooperative Education Programs

zayaan
Practical Geometry Guide by S.N. Mishra

Practical Geometry Guide by S.N. Mishra

bartholomew
Finding Bugs in P4 Compilers

Finding Bugs in P4 Compilers

junaid
Maximizing Student Engagement Through Ongoing Assessment in the MFL Classroom

Maximizing Student Engagement Through Ongoing Assessment in the MFL Classroom

dans308
Pre-Collegiate and Youth Programs at University Level Spring 2019

Pre-Collegiate and Youth Programs at University Level Spring 2019

saon804
Fuzzing Cows: The No Bull Talk on Fuzzing Security

Fuzzing Cows: The No Bull Talk on Fuzzing Security

tice_gan
AFL Queensland Coaching Courses 2016 Event Schedule

AFL Queensland Coaching Courses 2016 Event Schedule

ludov
Enhancing Mobile App Testing Strategies for Quality Assurance

Enhancing Mobile App Testing Strategies for Quality Assurance

mel_bow
Impact of Trump Tax Law on Seniors in 2018

Impact of Trump Tax Law on Seniors in 2018

mac_s
AFL Queensland Coaching Courses 2017 Event Schedule

AFL Queensland Coaching Courses 2017 Event Schedule

zey_ken
AFL NSW/ACT 2024 School Competitions Timelines

AFL NSW/ACT 2024 School Competitions Timelines

seuf480
Approval Frameworks and Forms for Academic Programs by Tamara Ferry, Ph.D.

Approval Frameworks and Forms for Academic Programs by Tamara Ferry, Ph.D.

baus

More Related Content