Syllabus
Intro
Presentation Agenda
Automated Fuzzing Categories
Mutation Strategies
AFL's Key Benefits
Background: What Are Basic Blocks?
AFL Fuzzing Map (gzip)
Build It
Instrument Something
The Status Screen
Important Status Indicators
Output Directories
Basic Blockers And Caveats
Parallel Fuzzing
Distributed Fuzzing
LLVM Mode
afl-clang-fast Persistent Mode
Benefits of Bonus Modes
Shrinking The Haystack
Selecting The Best Inputs
Dictionary Based Fuzzing
Removing Checksums
Chaining AFL
Assessing Crash Impact
What Triggered The Crash?
The Peruvian Rabbit Thing
Sanitizers
Address Sanitizer Example Output
Using GDB
My Triage Method
BASH Variables
Heartbleed
Browser ASLR Bypass
Resources & Question Time
Taught by
Security BSides San Francisco
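The Persistent Mode and Removing Checksums slides above name two standard AFL practices: looping over many inputs in one process instead of fork-per-input, and compiling integrity checks out of the fuzzing build so AFL can reach the parser behind them. The harness below is an added example written for this page, not code from the talk or from AFL itself. It fuzzes a constructed toy record format (one length byte, the payload, and a trailing XOR checksum; the format is made up here) and assumes that afl-clang-fast defines `__AFL_LOOP`, so a plain compiler falls back to a single iteration. The `FUZZING_BUILD` define is a hypothetical name chosen for this example.

```c
/* Added example for the AFL talk outline (not the speaker's code).
 * Build for fuzzing:  afl-clang-fast -DFUZZING_BUILD harness.c -o harness
 * Build normally:     cc harness.c -o harness  (checksum enforced) */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* afl-clang-fast injects __AFL_LOOP(n) on the command line. Without it,
 * run the loop body once so the file still compiles and runs anywhere. */
#ifndef __AFL_LOOP
static int afl_loop_fallback_calls = 0;
#define __AFL_LOOP(n) (afl_loop_fallback_calls++ < 1)
#endif

/* Constructed toy format: [len:1][payload:len][xor of payload:1]. */
#define MAX_PAYLOAD 255

/* Checksum removal: AFL's mutations will almost never produce a matching
 * checksum, so the fuzzing build (-DFUZZING_BUILD) accepts any value and
 * the release build keeps the real check. */
static int checksum_ok(const uint8_t *payload, size_t len, uint8_t expected) {
#ifdef FUZZING_BUILD
    (void)payload; (void)len; (void)expected;
    return 1;
#else
    uint8_t x = 0;
    for (size_t i = 0; i < len; i++) x ^= payload[i];
    return x == expected;
#endif
}

/* Returns 1 if buf[0..n) is one well-formed record, 0 otherwise. */
int parse_record(const uint8_t *buf, size_t n) {
    if (n < 2) return 0;                 /* need length byte and checksum */
    size_t len = buf[0];
    if (n != len + 2) return 0;          /* length must match what was read */
    if (!checksum_ok(buf + 1, len, buf[1 + len])) return 0;
    /* A real target would now decode buf+1 .. buf+1+len. */
    return 1;
}

/* Sanity check on hand-built records; useful before handing the harness to
 * afl-fuzz. Returns 1 when all three cases behave as expected. */
int self_check(void) {
    const uint8_t good[]  = {2, 0x61, 0x62, 0x61 ^ 0x62};   /* "ab", sum 0x03 */
    const uint8_t bad[]   = {2, 0x61, 0x62, 0x00};          /* wrong checksum */
    const uint8_t trunc[] = {5, 0x61};                      /* claims 5 bytes */
#ifdef FUZZING_BUILD
    int bad_expected = 1;   /* checksum compiled out */
#else
    int bad_expected = 0;
#endif
    return parse_record(good, sizeof good) == 1
        && parse_record(bad, sizeof bad) == bad_expected
        && parse_record(trunc, sizeof trunc) == 0;
}

int main(void) {
    static uint8_t buf[1 + MAX_PAYLOAD + 1];
    /* Persistent mode: AFL feeds a new test case on stdin each iteration
     * and restarts the process every 1000 inputs. */
    while (__AFL_LOOP(1000)) {
        ssize_t n = read(0, buf, sizeof buf);
        if (n < 0) break;
        parse_record(buf, (size_t)n);
    }
    return 0;
}
```

Because the parser is reached only after the checksum passes, a release build would keep AFL stuck on the check; the fuzzing build removes that wall, and any crash found must then be re-run against the release binary with a recomputed checksum before it counts as a real finding.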