Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to Fuzzing with AFL

Avatar for Ayush Priya Ayush Priya
November 16, 2021
Technology
0
30

Introduction to Fuzzing with AFL

This talk is an introduction to using AFL or American Fuzzy Lop to fuzz binaries.
Avatar for Ayush Priya

Ayush Priya

November 16, 2021
Tweet

More Decks by Ayush Priya

See All by Ayush Priya
Scrubbing PII from Logs in LogStash
Avatar for Ayush Priya ayushpriya10
0
790
Introduction to Deserialization Attacks
Avatar for Ayush Priya ayushpriya10
2
650
Web Assembly for Hackers
Avatar for Ayush Priya ayushpriya10
0
43

Other Decks in Technology

See All in Technology
KubeCon + CloudNativeCon Japan 2025 Recap Opening & Choose Your Own Adventureシリーズまとめ
Avatar for mm-matsuda mmmatsuda
0
270
Tokyo_reInforce_2025_recap_iam_access_analyzer
Avatar for h-ashisan hiashisan
0
180
20250705 Headlamp: 專注可擴展性的 Kubernetes 用戶界面
Avatar for Phil Huang pichuang
0
240
OPENLOGI Company Profile for engineer
Avatar for OPENLOGI hr01
1
34k
さくらのIaaS基盤のモニタリングとOpenTelemetry/OSC Hokkaido 2025
Avatar for FUJIWARA Shunichiro fujiwara3
3
380
KubeCon + CloudNativeCon Japan 2025 Recap by CA
Avatar for YuyaKoda ponkio_o
PRO
0
290
怖くない!はじめてのClaude Code
Avatar for Shinya Masadome(東京AI祭) shinya337
0
380
United Airlines Customer Service– Call 1-833-341-3142 Now!
Avatar for vivankilkenny548+imnfc airhelp
0
160
Lufthansa ®️ USA Contact Numbers: Complete 2025 Support Guide
Avatar for danielconkling870 lufthanahelpsupport
0
150
論文紹介:LLMDet (CVPR2025 Highlight)
Avatar for tattaka tattaka
0
310
Glacierだからってコストあきらめてない? / JAWS Meet Glacier Cost
Avatar for sasaki taishin
1
150
AIとともに進化するエンジニアリング / Engineering-Evolving-with-AI_final.pdf
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
160

Featured

See All Featured
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.3k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
220k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
367
19k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
42
7.4k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.5k
Faster Mobile Websites
Avatar for Dean Hume deanohume
307
31k
Building Applications with DynamoDB
Avatar for Matt Wood mza
95
6.5k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
7
730
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
126
52k
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k

Transcript

  1. Introduction to fuzzing with AFL

  2. Ayush Priya VIT, Vellore @ayushpriya10 https://ayushpriya.com https://www.linkedin.com/in/ayushpriya10

  3. What am I learning? • What is fuzzing and fuzzers?

    • What is AFL? • How to use AFL?

  4. Why am I learning this? • Discover undiscovered bugs •

    Build a robust approach to development • (Maybe make some money)

  5. What is Fuzzing? • A form of testing • Random

    invalid input • Behaviour analysis

  6. "You can find bugs in your sleep." - Craig Young

  7. Why fuzz at all? • Unique test cases • Eliminates

    methodology bias • Metrics - Code Coverage, Path Coverage

  8. Types of fuzzers • Mutational • Grammar • Feedback-based

  9. Introduction to AFL • Open-source • Smart fuzzer: PoC -

    “Hello JPG”

  10. Prerequisites • GCC, CLang • GDB, Exploitable • Screen •

    Libtool-bin, automake, bison, libglib2.0-dev, qemu

  11. Installation • Install AFL • Enable LLVM mode • Enable

    QEMU mode

  12. AFL Workflow • Compiling the binary with AFL’s compilers •

    Building a Test Corpus • Running AFL on the target binary • Analyse findings

  13. Compiling with AFL $ export CC=afl-clang-fast $ export AFL_HARDEN=1 $

    export AFL_INST_RATIO=100 $ ./configure $ make

  14. Building Test Corpus • Supplying test case(s) $ cp /bin/ps

    afl_in/

  15. Fuzzing with source • Build binary from source AFL •

    Add test cases to afl_in • Fuzz! $ afl-fuzz -i in/ -o out/ -- ./bin @@

  16. Parallel Fuzzing • One core per fuzzer • Check free

    cores $ afl-fuzz -i in -o out -M f1 -- ./bin @@ $ afl-fuzz -i in -o out -S f2 -- ./bin @@

  17. Output Structure • One folder per fuzzer • /crashes, /hangs,

    /queue

  18. Analysing AFL Screen

  19. Hands-on • Clone fuzzgoat • Compile with AFL • Fuzz

    in parallel • Check status

  20. GDB and Exploitable • Open binary with GDB • Choose

    a crash case • Run test case • Classify with Exploitable

  21. Optimising Fuzzing • Execution Speed, Fail Fast • Isolate test

    code • Minimise test cases • Minimise test files

  22. Fuzzing a binary without source • Linux binaries • AFL’s

    QEMU Mode

  23. Limitations of AFL • Supports file/STDIN input • Supports selective

    binaries • Supports selective OSs

  24. Thanks!