Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to Fuzzing with AFL

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Ayush Priya Ayush Priya
November 16, 2021
Technology
0
38

Introduction to Fuzzing with AFL

This talk is an introduction to using AFL or American Fuzzy Lop to fuzz binaries.

Avatar for Ayush Priya

Ayush Priya

November 16, 2021
Tweet

More Decks by Ayush Priya

See All by Ayush Priya
Scrubbing PII from Logs in LogStash
Avatar for Ayush Priya ayushpriya10
0
820
Introduction to Deserialization Attacks
Avatar for Ayush Priya ayushpriya10
2
670
Web Assembly for Hackers
Avatar for Ayush Priya ayushpriya10
0
58

Other Decks in Technology

See All in Technology
Context Engineeringが企業で不可欠になる理由
Avatar for Hirosato Gamo hirosatogamo
PRO
3
630
モダンUIでフルサーバーレスなAIエージェントをAmplifyとCDKでサクッとデプロイしよう
Avatar for みのるん minorun365
4
220
AWS Network Firewall Proxyを触ってみた
Avatar for nagisa_53 nagisa53
1
240
Red Hat OpenStack Services on OpenShift
Avatar for Tatsuya Amemiya tamemiya
0
130
Bill One 開発エンジニア 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
5
17k
予期せぬコストの急増を障害のように扱う――「コスト版ポストモーテム」の導入とその後の改善
Avatar for Masahiro Yoshizawa muziyoshiz
1
2k
SREじゃなかった僕らがenablingを通じて「SRE実践者」になるまでのリアル / SRE Kaigi 2026
Avatar for AEON aeonpeople
6
2.5k
AIエージェントに必要なのはデータではなく文脈だった/ai-agent-context-graph-mybest
Avatar for Jun Naito jonnojun
1
220
SREチームをどう作り、どう育てるか ― Findy横断SREのマネジメント
Avatar for adachi.ryo rvirus0817
0
320
AIエージェントを開発しよう!-AgentCore活用の勘所-
Avatar for YukiOgawa yukiogawa
0
180
30万人の同時アクセスに耐えたい!新サービスの盤石なリリースを支える負荷試験 / SRE Kaigi 2026
Avatar for GENDA genda
4
1.3k
Amazon S3 Vectorsを使って資格勉強用AIエージェントを構築してみた
Avatar for usanchuu usanchuu
3
450

Featured

See All Featured
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.6k
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
Avatar for Tech SEO Connect techseoconnect
PRO
0
86
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
760
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
Avatar for r-kagaya rkaga
60
42k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
162
24k
The Limits of Empathy - UXLibs8
Avatar for Cassini Nazir cassininazir
1
220
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9.1k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
37
6.3k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
77
5.3k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
Avatar for Aleyda Solis aleyda
1
1.1k

Transcript

  1. Introduction to fuzzing with AFL

  2. Ayush Priya VIT, Vellore @ayushpriya10 https://ayushpriya.com https://www.linkedin.com/in/ayushpriya10

  3. What am I learning? • What is fuzzing and fuzzers?

    • What is AFL? • How to use AFL?

  4. Why am I learning this? • Discover undiscovered bugs •

    Build a robust approach to development • (Maybe make some money)

  5. What is Fuzzing? • A form of testing • Random

    invalid input • Behaviour analysis

  6. "You can find bugs in your sleep." - Craig Young

  7. Why fuzz at all? • Unique test cases • Eliminates

    methodology bias • Metrics - Code Coverage, Path Coverage

  8. Types of fuzzers • Mutational • Grammar • Feedback-based

  9. Introduction to AFL • Open-source • Smart fuzzer: PoC -

    “Hello JPG”

  10. Prerequisites • GCC, CLang • GDB, Exploitable • Screen •

    Libtool-bin, automake, bison, libglib2.0-dev, qemu

  11. Installation • Install AFL • Enable LLVM mode • Enable

    QEMU mode

  12. AFL Workflow • Compiling the binary with AFL’s compilers •

    Building a Test Corpus • Running AFL on the target binary • Analyse findings

  13. Compiling with AFL $ export CC=afl-clang-fast $ export AFL_HARDEN=1 $

    export AFL_INST_RATIO=100 $ ./configure $ make

  14. Building Test Corpus • Supplying test case(s) $ cp /bin/ps

    afl_in/

  15. Fuzzing with source • Build binary from source AFL •

    Add test cases to afl_in • Fuzz! $ afl-fuzz -i in/ -o out/ -- ./bin @@

  16. Parallel Fuzzing • One core per fuzzer • Check free

    cores $ afl-fuzz -i in -o out -M f1 -- ./bin @@ $ afl-fuzz -i in -o out -S f2 -- ./bin @@

  17. Output Structure • One folder per fuzzer • /crashes, /hangs,

    /queue

  18. Analysing AFL Screen

  19. Hands-on • Clone fuzzgoat • Compile with AFL • Fuzz

    in parallel • Check status

  20. GDB and Exploitable • Open binary with GDB • Choose

    a crash case • Run test case • Classify with Exploitable

  21. Optimising Fuzzing • Execution Speed, Fail Fast • Isolate test

    code • Minimise test cases • Minimise test files

  22. Fuzzing a binary without source • Linux binaries • AFL’s

    QEMU Mode

  23. Limitations of AFL • Supports file/STDIN input • Supports selective

    binaries • Supports selective OSs

  24. Thanks!