Fuzzing Workshop
Description:
@AdamOfDC949 will be giving a free workshop to
introduce people to the joys of fuzzing.
This will be a practical, hands-on workshop on how to use existing tools
like AFL to find bugs in binaries. After going over basic usage, we’ll have
everyone get their fuzzers going on “real world” software. While the CPUs
churn away, we’ll talk about some of the internals of AFL and of
coverage-guided fuzzers in general, and learn how to read the statistics and
troubleshoot issues such as poor execution speed, the fuzzer not finding any
new paths, and so on. If there’s enough time and interest, we can also go
over how libFuzzer works, and maybe even KLEE.
By the time we’re done, you should be able to start fuzzing Linux programs
in a matter of minutes (as long as they take file input and exit after
processing the file), compile with Clang/LLVM instrumentation, use persistent
mode, and know when it’s time to find more seed files, prune the existing
set, or try a new approach altogether.
Takeaways:
- Able to start fuzzing Linux programs in a matter of minutes (as long as they take file input and exit after processing the file)
- Compile with Clang/LLVM instrumentation
- Use persistent mode
- Know when it’s time to find more seed files, prune the existing set or try a new approach
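A concrete version of the takeaways above, added here as an example and not part of the workshop materials: a persistent-mode AFL harness around a small record parser. The "KV" format, the parse_records function, the file and directory names and the printf seed are all assumptions invented for this example. Built with afl-clang-fast (AFL's LLVM mode) it gets coverage instrumentation, a deferred forkserver via __AFL_INIT(), and the __AFL_LOOP persistent loop; built with a plain C compiler the fallback macro runs the loop body once, so the same file doubles as an ordinary command-line tool for triage.

```c
/*
 * Added example, not part of the workshop materials: a persistent-mode AFL
 * harness around a small, constructed record parser. Build and run with
 * AFL's LLVM mode (the "KV" format, parse_records and the file names are
 * assumptions made up for this example):
 *
 *   afl-clang-fast -O2 -o harness harness.c
 *   mkdir seeds && printf 'KV\003abc\003foo' > seeds/one
 *   afl-fuzz -i seeds -o findings -- ./harness @@
 *
 * With a plain C compiler the fallback macro below runs the loop body once.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_INPUT (1u << 20)          /* AFL test cases are small; 1 MiB is plenty */

#ifndef __AFL_LOOP                    /* not built with afl-clang-fast: run once */
static int run_once;
#define __AFL_LOOP(n) (run_once++ == 0)
#endif

/* Constructed toy format: magic "KV", then zero or more records laid out as
 * <klen:1><key:klen><vlen:1><value:vlen>. Returns the number of records, or
 * -1 if the magic is wrong or a length runs past the end of the buffer.
 * Every read is bounds checked: the point of the example is the harness,
 * not a planted bug. */
int parse_records(const uint8_t *buf, size_t len)
{
    size_t pos = 2;
    int count = 0;

    if (len < 2 || buf[0] != 'K' || buf[1] != 'V')
        return -1;
    while (pos < len) {
        size_t klen = buf[pos++];
        if (klen > len - pos)         /* key would overrun the buffer */
            return -1;
        pos += klen;
        if (pos >= len)               /* vlen byte missing */
            return -1;
        size_t vlen = buf[pos++];
        if (vlen > len - pos)         /* value would overrun the buffer */
            return -1;
        pos += vlen;
        count++;
    }
    return count;
}

/* Read the whole test case into buf; returns the byte count, or -1 if the
 * file cannot be opened. */
long read_input(const char *path, uint8_t *buf, size_t cap)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, cap, f);
    fclose(f);
    return (long)n;
}

int main(int argc, char **argv)
{
    static uint8_t buf[MAX_INPUT];    /* reused across iterations: no per-run allocation */

    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
#ifdef __AFL_HAVE_MANUAL_CONTROL
    __AFL_INIT();                     /* deferred forkserver: clone after the setup above */
#endif
    /* Persistent mode: afl-fuzz feeds up to 1000 inputs into this process
     * before restarting it. The file named by @@ is rewritten between
     * iterations, so it is reopened every time, and nothing may carry state
     * from one iteration to the next (parse_records keeps none). */
    while (__AFL_LOOP(1000)) {
        long n = read_input(argv[1], buf, sizeof buf);
        if (n < 0)
            return 1;
        /* Malformed input just yields -1; a crash here is what afl-fuzz waits for. */
        (void)parse_records(buf, (size_t)n);
    }
    return 0;
}
```

The `@@` in the afl-fuzz command line is replaced with the path of the current test case, which is why the harness takes a file argument and exits after processing it, the model the takeaways describe. Persistent mode is what makes the loop pay off: fork happens once per 1000 inputs instead of once per input, so the execs/sec figure in the afl-fuzz status screen should rise noticeably compared to building the same file without the loop.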
Prereqs & Preparation:
This workshop is designed for beginners, no prior fuzzing
experience required.
What to bring to class: All students must bring their own
computer. If it’s running Linux, you should be good to go. If it’s not, get
some VM software (e.g. VirtualBox) and make sure there’s enough RAM and disk
space to put an Ubuntu VM on there. No
need to have prior fuzzing experience, no need to know assembly or how to
reverse binaries (though that’d help once we find a bug). Being able to read C code would be helpful
for the experimental features, but isn’t needed for basic usage.