Fuzzing with AFL

NDC Conferences via YouTube

Overview

Discover the power of fuzzing with AFL in this comprehensive 45-minute conference talk. Learn how to effectively test applications by throwing various inputs at them to uncover potential crashes. Gain insights into getting started with AFL, explore optimization techniques, and address common challenges encountered during the fuzzing process. Follow along as the speaker demonstrates practical examples, discusses code and path coverage, and introduces different fuzzing approaches including mutational, grammar, and feedback-based fuzzers. Explore the AFL trophy case of vulnerabilities, learn about installation and compilation processes, and understand the importance of test corpus selection. Dive into optimization strategies for execution speed, LLVM instrumentation, and persistent mode. By the end of this talk, acquire the knowledge and tools necessary to begin fuzzing your own code with AFL and improve your application's security.

Syllabus

Intro
Inspiration
Code coverage vs path coverage
Basic fuzzing
Mutational fuzzer
Grammar fuzzer
Feedback-based fuzzers
AFL trophy case - vulnerabilities
Installing AFL
LLVM: Fuzzing non-x86
Workflow
Get some hardware
Compile the binary
Compile time environment variables
Find a test corpus
Run the fuzzer
Triage the findings
Profit
Goals
Optimization: Execution speed
Optimization: LLVM - Deferred instrumentation
Optimization: LLVM - Persistent mode
Optimization: libdislocator.so
Optimization: Dictionaries
Resources
Summary

Taught by

NDC Conferences
