Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to Fuzzing with AFL

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Ayush Priya Ayush Priya
November 16, 2021
Technology
43
0

Introduction to Fuzzing with AFL

This talk is an introduction to using AFL or American Fuzzy Lop to fuzz binaries.

Avatar for Ayush Priya

Ayush Priya

November 16, 2021

More Decks by Ayush Priya

See All by Ayush Priya
Scrubbing PII from Logs in LogStash
Avatar for Ayush Priya ayushpriya10
0
830
Introduction to Deserialization Attacks
Avatar for Ayush Priya ayushpriya10
2
680
Web Assembly for Hackers
Avatar for Ayush Priya ayushpriya10
0
66

Other Decks in Technology

See All in Technology
Oracle AI Database@Google Cloud:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
5
1.3k
サイボウズ 開発本部採用ピッチ / Cybozu Engineer Recruit
Avatar for Cybozu cybozuinsideout
PRO
10
77k
Physical AI on AWS リファレンスアーキテクチャ / Physical AI on AWS Reference Architecture
Avatar for shota aws_shota
1
300
AWSで2番目にリリースされたサービスについてお話しします(諸説あります)
Avatar for Yuuki Yamashita yama3133
0
110
QA組織のAI戦略とAIテスト設計システムAITASの実践
Avatar for SansanTech sansantech
PRO
1
310
SSoT(Single Source of Truth)で「壊して再生」する設計
Avatar for かわうそ kawauso
2
410
開発チームとQAエンジニアの新しい協業モデル -年末調整開発チームで実践する【QAリード施策】-
Avatar for SmartHR 品質保証本部 qa
0
690
「活動」は激変する。「ベース」は変わらない ~ 4つの軸で捉える_AI時代ソフトウェア開発マネジメント
Avatar for 辻裕士/sentokun sentokun
0
140
Kiro Meetup #7 Kiro アップデート (2025/12/15〜2026/3/20)
Avatar for Katz Ueno katzueno
2
280
Babylon.js を使って試した色々な内容 / Various things I tried using Babylon.js / Babylon.js 勉強会 vol.5
Avatar for you(@youtoy) you
PRO
0
190
Zephyr(RTOS)でARMとRISC-Vのコア間通信をしてみた
Avatar for misoji engineer iotengineer22
0
120
TUNA Camp 2026 京都Stage ヒューリスティックアルゴリズム入門
Avatar for terry-u16 terryu16
0
660

Featured

See All Featured
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
Avatar for Mine Cetinkaya-Rundel minecr
1
220
The Curious Case for Waylosing
Avatar for Cassini Nazir cassininazir
0
280
The agentic SEO stack - context over prompts
Avatar for schlessera schlessera
0
730
JAMstack: Web Apps at Ludicrous Speed - All Things Open 2022
Avatar for David Neal reverentgeek
1
400
How to build a perfect <img>
Avatar for Jono Alderson jonoalderson
1
5.3k
Leveraging Curiosity to Care for An Aging Population
Avatar for Cassini Nazir cassininazir
1
210
Introduction to Domain-Driven Design and Collaborative software design
Avatar for Kenny Baas-Schwegler baasie
1
700
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
14k
Crafting Experiences
Avatar for Bethany Jepchumba bethany
1
100
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
348
40k
Groundhog Day: Seeking Process in Gaming for Health
Avatar for Sebastian Deterding codingconduct
0
140
Navigating Algorithm Shifts & AI Overviews - #SMXNext
Avatar for Aleyda Solis aleyda
1
1.2k

Transcript

  1. Introduction to fuzzing with AFL

  2. Ayush Priya VIT, Vellore @ayushpriya10 https://ayushpriya.com https://www.linkedin.com/in/ayushpriya10

  3. What am I learning? • What is fuzzing and fuzzers?

    • What is AFL? • How to use AFL?

  4. Why am I learning this? • Discover undiscovered bugs •

    Build a robust approach to development • (Maybe make some money)

  5. What is Fuzzing? • A form of testing • Random

    invalid input • Behaviour analysis

  6. "You can find bugs in your sleep." - Craig Young

  7. Why fuzz at all? • Unique test cases • Eliminates

    methodology bias • Metrics - Code Coverage, Path Coverage

  8. Types of fuzzers • Mutational • Grammar • Feedback-based

  9. Introduction to AFL • Open-source • Smart fuzzer: PoC -

    “Hello JPG”

  10. Prerequisites • GCC, CLang • GDB, Exploitable • Screen •

    Libtool-bin, automake, bison, libglib2.0-dev, qemu

  11. Installation • Install AFL • Enable LLVM mode • Enable

    QEMU mode

  12. AFL Workflow • Compiling the binary with AFL’s compilers •

    Building a Test Corpus • Running AFL on the target binary • Analyse findings

  13. Compiling with AFL $ export CC=afl-clang-fast $ export AFL_HARDEN=1 $

    export AFL_INST_RATIO=100 $ ./configure $ make

  14. Building Test Corpus • Supplying test case(s) $ cp /bin/ps

    afl_in/

  15. Fuzzing with source • Build binary from source AFL •

    Add test cases to afl_in • Fuzz! $ afl-fuzz -i in/ -o out/ -- ./bin @@

  16. Parallel Fuzzing • One core per fuzzer • Check free

    cores $ afl-fuzz -i in -o out -M f1 -- ./bin @@ $ afl-fuzz -i in -o out -S f2 -- ./bin @@

  17. Output Structure • One folder per fuzzer • /crashes, /hangs,

    /queue

  18. Analysing AFL Screen

  19. Hands-on • Clone fuzzgoat • Compile with AFL • Fuzz

    in parallel • Check status

  20. GDB and Exploitable • Open binary with GDB • Choose

    a crash case • Run test case • Classify with Exploitable

  21. Optimising Fuzzing • Execution Speed, Fail Fast • Isolate test

    code • Minimise test cases • Minimise test files

  22. Fuzzing a binary without source • Linux binaries • AFL’s

    QEMU Mode

  23. Limitations of AFL • Supports file/STDIN input • Supports selective

    binaries • Supports selective OSs

  24. Thanks!