Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introduction to Fuzzing with AFL
Search
Ayush Priya
November 16, 2021
Technology
64
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Introduction to Fuzzing with AFL
This talk is an introduction to using AFL or American Fuzzy Lop to fuzz binaries.
Ayush Priya
November 16, 2021
More Decks by Ayush Priya
See All by Ayush Priya
Scrubbing PII from Logs in LogStash
ayushpriya10
0
850
Introduction to Deserialization Attacks
ayushpriya10
2
700
Web Assembly for Hackers
ayushpriya10
0
99
Other Decks in Technology
See All in Technology
Gen3R: 3D Scene Generation Meets Feed-Forward Reconstruction
spatial_ai_network
0
120
「ちゃんとやっている」は独りよがりだった ― 不安に寄り添うインシデント対応へ / Towards incident response that addresses anxieties
chmikata
1
5.1k
LLM/Agent評価:トップ営業の発言を「正解」にする 〜暗黙的正解による評価を営業資産に変える〜
takkuhiro
1
210
しぶいSRE: サーバから見えない障害にどう向き合うか。ラストワンマイルのデバッグ実践 / Shibui SRE
kanny
13
6k
AIと共生する開発者プラットフォーム:バクラクのモノレポ×マイクロサービス基盤
sakajunquality
2
3.4k
人を動かすのは時間ではなく、納得感 〜新任EMが入社3ヶ月、組織を2回変えた話〜
kakehashi
PRO
3
220
非定型なドキュメントを効率よくリファクタする 〜えぇ!?仕様書27本の移行が1日で終わったって!?〜
subroh0508
1
330
シンガポールで登壇してきます
yama3133
0
110
CIで使うClaude
iwatatomoya
0
250
kintone の AI コワーカーを、 Anthropic にエージェントを"ホストさせて"作った話 #devkinmeetup
sugimomoto
0
100
ゼロをイチにする仕事が終わったあと
smasato
0
340
個人開発で育てる「大規模設計の苗床」 - AI時代の1人開発から始める業務への知識接続 / The Seedbed for Large-Scale Design - From AI-Era Solo Projects to Professional Knowledge
bitkey
PRO
0
160
Featured
See All Featured
Thoughts on Productivity
jonyablonski
76
5.2k
Heart Work Chapter 1 - Part 1
lfama
PRO
8
36k
Digital Ethics as a Driver of Design Innovation
axbom
PRO
1
340
Getting science done with accelerated Python computing platforms
jacobtomlinson
2
260
Marketing to machines
jonoalderson
1
5.6k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.6k
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
Tell your own story through comics
letsgokoyo
1
990
Skip the Path - Find Your Career Trail
mkilby
1
160
エンジニアに許された特別な時間の終わり
watany
107
250k
Crafting Experiences
bethany
1
210
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
38
2.9k
Transcript
Introduction to fuzzing with AFL
Ayush Priya VIT, Vellore @ayushpriya10 https://ayushpriya.com https://www.linkedin.com/in/ayushpriya10
What am I learning? • What is fuzzing and fuzzers?
• What is AFL? • How to use AFL?
Why am I learning this? • Discover undiscovered bugs •
Build a robust approach to development • (Maybe make some money)
What is Fuzzing? • A form of testing • Random
invalid input • Behaviour analysis
"You can find bugs in your sleep." - Craig Young
Why fuzz at all? • Unique test cases • Eliminates
methodology bias • Metrics - Code Coverage, Path Coverage
Types of fuzzers • Mutational • Grammar • Feedback-based
Introduction to AFL • Open-source • Smart fuzzer: PoC -
“Hello JPG”
Prerequisites • GCC, CLang • GDB, Exploitable • Screen •
Libtool-bin, automake, bison, libglib2.0-dev, qemu
Installation • Install AFL • Enable LLVM mode • Enable
QEMU mode
AFL Workflow • Compiling the binary with AFL’s compilers •
Building a Test Corpus • Running AFL on the target binary • Analyse findings
Compiling with AFL $ export CC=afl-clang-fast $ export AFL_HARDEN=1 $
export AFL_INST_RATIO=100 $ ./configure $ make
Building Test Corpus • Supplying test case(s) $ cp /bin/ps
afl_in/
Fuzzing with source • Build binary from source AFL •
Add test cases to afl_in • Fuzz! $ afl-fuzz -i in/ -o out/ -- ./bin @@
Parallel Fuzzing • One core per fuzzer • Check free
cores $ afl-fuzz -i in -o out -M f1 -- ./bin @@ $ afl-fuzz -i in -o out -S f2 -- ./bin @@
Output Structure • One folder per fuzzer • /crashes, /hangs,
/queue
Analysing AFL Screen
Hands-on • Clone fuzzgoat • Compile with AFL • Fuzz
in parallel • Check status
GDB and Exploitable • Open binary with GDB • Choose
a crash case • Run test case • Classify with Exploitable
Optimising Fuzzing • Execution Speed, Fail Fast • Isolate test
code • Minimise test cases • Minimise test files
Fuzzing a binary without source • Linux binaries • AFL’s
QEMU Mode
Limitations of AFL • Supports file/STDIN input • Supports selective
binaries • Supports selective OSs
Thanks!