@AdamOfDC949 will be giving a free workshop to introduce people to the joys of fuzzing. This will be a practical, hands-on workshop on how to use existing tools like AFL to find bugs in binaries. After going over basic usage, we’ll have everyone get their fuzzers going on “real world” software. While the CPUs churn away, we’ll talk about some of the internals of AFL and of coverage-driven fuzzers in general, and learn how to read the statistics and troubleshoot common problems such as poor performance (low execs/sec), no new paths being found, and so on. If there’s enough time and interest, we can also go over how libFuzzer works, and maybe even KLEE.
By the time we’re done, you should be:
- Able to start fuzzing Linux programs in a matter of minutes (as long as they take file input and exit after processing the file)
- Able to compile targets with Clang/LLVM instrumentation
- Able to use persistent mode
- Able to tell when it’s time to find more seed files, prune the existing set, or try a new approach altogether
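As an added example (not part of the workshop material or of AFL’s own code), here is what a persistent-mode harness looks like in practice: a small parser for a made-up length-prefixed record format, with the bounds checks a fuzzer would otherwise find missing, and a main loop built on AFL’s __AFL_LOOP macro with a one-pass fallback so the same file also builds with plain clang. The record format, the MAX_REC limit, and the seed/output directory names in the comments are assumptions for illustration.

```c
/* Constructed example: a persistent-mode AFL harness around a tiny
 * length-prefixed record parser. The record format and MAX_REC are
 * hypothetical; nothing here comes from the workshop.
 *
 * Build (instrumented):  afl-clang-fast -O2 -o harness harness.c
 * Build (plain clang):   clang -O2 -o harness harness.c
 *                        (__AFL_LOOP then falls back to a single pass)
 * Run:                   afl-fuzz -i seeds -o findings -- ./harness
 *                        (the harness reads each test case from stdin,
 *                        so no @@ placeholder is needed)
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef __AFL_LOOP
/* Outside afl-clang-fast the macro is undefined; run the loop body exactly
 * once so the harness behaves like an ordinary one-shot program. */
static int afl_loop_fallback_ran = 0;
#define __AFL_LOOP(n) (afl_loop_fallback_ran = !afl_loop_fallback_ran)
#endif

#define MAX_REC 64   /* assumed maximum record body size */

/* Input layout: [count][len0][len0 bytes][len1][len1 bytes]...
 * Returns the number of records on success, or -1 when the input is
 * truncated, a record is larger than MAX_REC, or trailing bytes remain.
 * Removing either bounds check below turns the memcpy into the kind of
 * stack overflow AFL finds within minutes. */
int parse_records(const uint8_t *buf, size_t len) {
    if (len < 1) return -1;
    size_t n = buf[0], pos = 1;
    for (size_t i = 0; i < n; i++) {
        if (pos >= len) return -1;          /* length byte missing */
        size_t rl = buf[pos++];
        if (rl > MAX_REC) return -1;        /* oversize record */
        if (rl > len - pos) return -1;      /* record body truncated */
        uint8_t rec[MAX_REC];
        memcpy(rec, buf + pos, rl);         /* safe: rl <= MAX_REC and in bounds */
        pos += rl;
    }
    return pos == len ? (int)n : -1;        /* reject trailing garbage */
}

/* Reads up to cap bytes from fd; returns bytes read or -1 on error. */
static ssize_t read_all(int fd, uint8_t *buf, size_t cap) {
    size_t got = 0;
    while (got < cap) {
        ssize_t r = read(fd, buf + got, cap - got);
        if (r < 0) return -1;
        if (r == 0) break;
        got += (size_t)r;
    }
    return (ssize_t)got;
}

int main(void) {
    static uint8_t buf[1 << 16];
    /* Persistent mode: afl-fuzz hands the process a fresh test case on each
     * iteration instead of fork+exec'ing it every time. The parser keeps no
     * global state, which is what makes it safe to reuse the process. */
    while (__AFL_LOOP(1000)) {
        ssize_t len = read_all(0, buf, sizeof buf);
        if (len < 0) return 1;
        printf("%d\n", parse_records(buf, (size_t)len));
    }
    return 0;
}
```

Once the instrumented binary is running under afl-fuzz, a drop in execs/sec or a flat “paths found” counter is the cue for the seed-corpus work mentioned above; AFL ships afl-cmin for pruning a corpus and afl-tmin for shrinking individual test cases.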
Prereqs & Preparation:
This workshop is designed for beginners, no prior fuzzing experience required.
What to bring to class: all students must bring their own computer. If it’s running Linux, you should be good to go. If it’s not, install some VM software (e.g. VirtualBox) and make sure there’s enough RAM and disk space for an Ubuntu VM. No need to know assembly or how to reverse binaries (though that’d help once we find a bug). Being able to read C code would be helpful for the experimental features, but isn’t needed for basic usage.