Abstract
In this workshop, we will discuss what is fuzzing how does fuzzer works, what are different types of fuzzers and how to use them to fuzz various open source softwares on linux. First we will have basic introduction to different types of vulnerabilities like integer overflow/underflow, stack/heap overflow/out of bound read/write which are very common in software, we will also see some example of real world vulnerabilities to get an understanding of these vulnerability types.
Later on during the training we will first start with fuzzing a simple C program which contains these vulnerabilities. After that we will see how we fuzz real world open source software using fuzzers like AFL, honggfuzz and libfuzzer.
This talk will also provide details on how does AFL works, what are the different mutation strategies it uses. basics of compile time instrumentation, how to collect corpus for fuzzing and how to minimize it, crash triage and finding root cause.
Detailed Outline:
- Different types of vulnerabilities - quick overview of Buffer overflow, heap overflow, integer overflow, use after free, out of bound read/Write.
- Manually identifying the vulnerabilities in C code.
- What is fuzzing and different types of fuzzer - dumb fuzzer, mutation fuzzer, coverage guided fuzzer.
- Fuzzing Process
- corpus collection
- corpus minimization
- Fuzzing Sample C program using AFL, libfuzzer and Honggfuzz, libfuzzer
- Analyzing and triaging crashes
- How to fuzz real world softwares using AFL,honggfuzz
- How to fuzz tcpdump/libtiff using AFL/Honggfuzz.
- Reporting crashes and bug bounties
- QnA
- Conclusion
