Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introduction to Fuzzing with AFL
Search
Ayush Priya
November 16, 2021
Technology
0
32
Introduction to Fuzzing with AFL
This talk is an introduction to using AFL or American Fuzzy Lop to fuzz binaries.
Ayush Priya
November 16, 2021
Tweet
Share
More Decks by Ayush Priya
See All by Ayush Priya
Scrubbing PII from Logs in LogStash
ayushpriya10
0
800
Introduction to Deserialization Attacks
ayushpriya10
2
650
Web Assembly for Hackers
ayushpriya10
0
50
Other Decks in Technology
See All in Technology
react-callを使ってダイヤログをいろんなとこで再利用しよう!
shinaps
2
260
S3アクセス制御の設計ポイント
tommy0124
3
200
「Linux」という言葉が指すもの
sat
PRO
4
140
CDK CLIで使ってたあの機能、CDK Toolkit Libraryではどうやるの?
smt7174
4
190
Webアプリケーションにオブザーバビリティを実装するRust入門ガイド
nwiizo
7
860
LLM時代のパフォーマンスチューニング:MongoDB運用で試したコンテキスト活用の工夫
ishikawa_pro
0
170
Agile PBL at New Grads Trainings
kawaguti
PRO
1
450
AWSで始める実践Dagster入門
kitagawaz
1
700
Practical Agentic AI in Software Engineering
uzyn
0
110
新規プロダクトでプロトタイプから正式リリースまでNext.jsで開発したリアル
kawanoriku0
1
160
Android Audio: Beyond Winning On It
atsushieno
0
2.4k
20250910_障害注入から効率的復旧へ_カオスエンジニアリング_生成AIで考えるAWS障害対応.pdf
sh_fk2
3
260
Featured
See All Featured
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
131
19k
A better future with KSS
kneath
239
17k
Documentation Writing (for coders)
carmenintech
74
5k
GraphQLとの向き合い方2022年版
quramy
49
14k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
6k
Six Lessons from altMBA
skipperchong
28
4k
Site-Speed That Sticks
csswizardry
10
820
Why You Should Never Use an ORM
jnunemaker
PRO
59
9.5k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.5k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.4k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Transcript
Introduction to fuzzing with AFL
Ayush Priya VIT, Vellore @ayushpriya10 https://ayushpriya.com https://www.linkedin.com/in/ayushpriya10
What am I learning? • What is fuzzing and fuzzers?
• What is AFL? • How to use AFL?
Why am I learning this? • Discover undiscovered bugs •
Build a robust approach to development • (Maybe make some money)
What is Fuzzing? • A form of testing • Random
invalid input • Behaviour analysis
"You can find bugs in your sleep." - Craig Young
Why fuzz at all? • Unique test cases • Eliminates
methodology bias • Metrics - Code Coverage, Path Coverage
Types of fuzzers • Mutational • Grammar • Feedback-based
Introduction to AFL • Open-source • Smart fuzzer: PoC -
“Hello JPG”
Prerequisites • GCC, CLang • GDB, Exploitable • Screen •
Libtool-bin, automake, bison, libglib2.0-dev, qemu
Installation • Install AFL • Enable LLVM mode • Enable
QEMU mode
AFL Workflow • Compiling the binary with AFL’s compilers •
Building a Test Corpus • Running AFL on the target binary • Analyse findings
Compiling with AFL $ export CC=afl-clang-fast $ export AFL_HARDEN=1 $
export AFL_INST_RATIO=100 $ ./configure $ make
Building Test Corpus • Supplying test case(s) $ cp /bin/ps
afl_in/
Fuzzing with source • Build binary from source AFL •
Add test cases to afl_in • Fuzz! $ afl-fuzz -i in/ -o out/ -- ./bin @@
Parallel Fuzzing • One core per fuzzer • Check free
cores $ afl-fuzz -i in -o out -M f1 -- ./bin @@ $ afl-fuzz -i in -o out -S f2 -- ./bin @@
Output Structure • One folder per fuzzer • /crashes, /hangs,
/queue
Analysing AFL Screen
Hands-on • Clone fuzzgoat • Compile with AFL • Fuzz
in parallel • Check status
GDB and Exploitable • Open binary with GDB • Choose
a crash case • Run test case • Classify with Exploitable
Optimising Fuzzing • Execution Speed, Fail Fast • Isolate test
code • Minimise test cases • Minimise test files
Fuzzing a binary without source • Linux binaries • AFL’s
QEMU Mode
Limitations of AFL • Supports file/STDIN input • Supports selective
binaries • Supports selective OSs
Thanks!