Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to Fuzzing with AFL

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Ayush Priya Ayush Priya
November 16, 2021
Technology
0
37

Introduction to Fuzzing with AFL

This talk is an introduction to using AFL or American Fuzzy Lop to fuzz binaries.

Avatar for Ayush Priya

Ayush Priya

November 16, 2021
Tweet

More Decks by Ayush Priya

See All by Ayush Priya
Scrubbing PII from Logs in LogStash
Avatar for Ayush Priya ayushpriya10
0
820
Introduction to Deserialization Attacks
Avatar for Ayush Priya ayushpriya10
2
670
Web Assembly for Hackers
Avatar for Ayush Priya ayushpriya10
0
55

Other Decks in Technology

See All in Technology
日本語テキストと音楽の対照学習の技術とその応用
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
410
Webhook best practices for rock solid and resilient deployments
Avatar for Guillaume Laforge glaforge
1
250
Agile Leadership Summit Keynote 2026
Avatar for seki at druby.org m_seki
1
270
データの整合性を保ちたいだけなんだ
Avatar for ShoheiMitani shoheimitani
7
2.8k
制約が導く迷わない設計 〜 信頼性と運用性を両立するマイナンバー管理システムの実践 〜
Avatar for ないとー bwkw
2
830
Digitization部 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
6.8k
Amazon Bedrock AgentCore 認証・認可入門
Avatar for iganin hironobuiga
2
500
レガシー共有バッチ基盤への挑戦 - SREドリブンなリアーキテクチャリングの取り組み
Avatar for Konishi tatsuhiro tatsukoni
0
190
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
3k
toCプロダクトにおけるAI機能開発のしくじりと学び / ai-product-failures-and-learnings
Avatar for rince rince
6
5.5k
Frontier Agents (Kiro autonomous agent / AWS Security Agent / AWS DevOps Agent) の紹介
Avatar for msysh msysh
3
140
分析画面のクリック操作をそのままコード化 ! エンジニアとビジネスユーザーが共存するAI-ReadyなBI基盤
Avatar for ikumi ikumi
1
210

Featured

See All Featured
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
Avatar for MADOX madoxten
56
50k
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
333
24k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
281
24k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
133
19k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
5
880
How to Grow Your eCommerce with AI & Automation
Avatar for Katarina Dahlin katarinadahlin
PRO
0
100
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
225
10k
The Curse of the Amulet
Avatar for Matthew Lei leimatthew05
1
8.2k
Unlocking the hidden potential of vector embeddings in international SEO
Avatar for Frank van Dijk frankvandijk
0
170
Paper Plane (Part 1)
Avatar for Katie Cordina Lindsey katiecoart
PRO
0
4k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
273
21k
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
Avatar for Aleyda Solis aleyda
2
9.5k

Transcript

  1. Introduction to fuzzing with AFL

  2. Ayush Priya VIT, Vellore @ayushpriya10 https://ayushpriya.com https://www.linkedin.com/in/ayushpriya10

  3. What am I learning? • What is fuzzing and fuzzers?

    • What is AFL? • How to use AFL?

  4. Why am I learning this? • Discover undiscovered bugs •

    Build a robust approach to development • (Maybe make some money)

  5. What is Fuzzing? • A form of testing • Random

    invalid input • Behaviour analysis

  6. "You can find bugs in your sleep." - Craig Young

  7. Why fuzz at all? • Unique test cases • Eliminates

    methodology bias • Metrics - Code Coverage, Path Coverage

  8. Types of fuzzers • Mutational • Grammar • Feedback-based

  9. Introduction to AFL • Open-source • Smart fuzzer: PoC -

    “Hello JPG”

  10. Prerequisites • GCC, CLang • GDB, Exploitable • Screen •

    Libtool-bin, automake, bison, libglib2.0-dev, qemu

  11. Installation • Install AFL • Enable LLVM mode • Enable

    QEMU mode

  12. AFL Workflow • Compiling the binary with AFL’s compilers •

    Building a Test Corpus • Running AFL on the target binary • Analyse findings

  13. Compiling with AFL $ export CC=afl-clang-fast $ export AFL_HARDEN=1 $

    export AFL_INST_RATIO=100 $ ./configure $ make

  14. Building Test Corpus • Supplying test case(s) $ cp /bin/ps

    afl_in/

  15. Fuzzing with source • Build binary from source AFL •

    Add test cases to afl_in • Fuzz! $ afl-fuzz -i in/ -o out/ -- ./bin @@

  16. Parallel Fuzzing • One core per fuzzer • Check free

    cores $ afl-fuzz -i in -o out -M f1 -- ./bin @@ $ afl-fuzz -i in -o out -S f2 -- ./bin @@

  17. Output Structure • One folder per fuzzer • /crashes, /hangs,

    /queue

  18. Analysing AFL Screen

  19. Hands-on • Clone fuzzgoat • Compile with AFL • Fuzz

    in parallel • Check status

  20. GDB and Exploitable • Open binary with GDB • Choose

    a crash case • Run test case • Classify with Exploitable

  21. Optimising Fuzzing • Execution Speed, Fail Fast • Isolate test

    code • Minimise test cases • Minimise test files

  22. Fuzzing a binary without source • Linux binaries • AFL’s

    QEMU Mode

  23. Limitations of AFL • Supports file/STDIN input • Supports selective

    binaries • Supports selective OSs

  24. Thanks!