LiveOverflow | How Fuzzing with AFL works! | Ep. 02 @LiveOverflow | Uploaded 3 years ago | Updated 9 hours ago
Let's investigate some issues we hit while fuzzing sudo with AFL, and also explain how AFL works. After improving our fuzzing setup even more, we are finally ready to start fuzzing sudo for real. Can we find the vulnerability now?

liveoverflow.com/support

Grab the files: github.com/LiveOverflow/pwnedit
milek7's blog: https://milek7.pl/howlongsudofuzz/

Sudo Research Episode 02:
00:00 - Recap
00:39 - Fixing AFL Crash Using LLVM mode
03:32 - Testing the AFL Instrumented Sudo Binary
04:11 - How Fuzzing with AFL works!
06:44 - Can AFL find the crash?
08:06 - Detour: busybox and argv[0]
09:48 - How could we discover "sudoedit"?
10:47 - Can AFL find "sudoedit" through magic?
11:25 - Include argv[0] in the testcases
13:06 - Parallel Fuzzing Setup

-=[ ❤️ Support ]=-

→ per Video: patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: twitter.com/LiveOverflow
→ Website: liveoverflow.com
→ Subreddit: reddit.com/r/LiveOverflow
→ Facebook: facebook.com/LiveOverflow