home.social

#libfuzzer — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #libfuzzer, aggregated by home.social.

  1. Особенности подачи входных данных при фаззинге в режиме Persistent Mode на примере Libfuzzer + CURL

    Фаззинг — один из самых эффективных инструментов для поиска ошибок и уязвимостей. Но если взять готовый движок вроде LibFuzzer и попробовать применить его к реальной утилите, быстро выясняется, что «из коробки» всё работает далеко не всегда. Большинство примеров в документации ограничиваются функцией, принимающей массив байт, тогда как в реальных программах входные данные поступают через другие каналы.

    habr.com/ru/articles/940946/

    #fuzzing #libfuzzer #curl

  2. Особенности подачи входных данных при фаззинге в режиме Persistent Mode на примере Libfuzzer + CURL

    Фаззинг — один из самых эффективных инструментов для поиска ошибок и уязвимостей. Но если взять готовый движок вроде LibFuzzer и попробовать применить его к реальной утилите, быстро выясняется, что «из коробки» всё работает далеко не всегда. Большинство примеров в документации ограничиваются функцией, принимающей массив байт, тогда как в реальных программах входные данные поступают через другие каналы.

    habr.com/ru/articles/940946/

    #fuzzing #libfuzzer #curl

  3. Особенности подачи входных данных при фаззинге в режиме Persistent Mode на примере Libfuzzer + CURL

    Фаззинг — один из самых эффективных инструментов для поиска ошибок и уязвимостей. Но если взять готовый движок вроде LibFuzzer и попробовать применить его к реальной утилите, быстро выясняется, что «из коробки» всё работает далеко не всегда. Большинство примеров в документации ограничиваются функцией, принимающей массив байт, тогда как в реальных программах входные данные поступают через другие каналы.

    habr.com/ru/articles/940946/

    #fuzzing #libfuzzer #curl

  4. Особенности подачи входных данных при фаззинге в режиме Persistent Mode на примере Libfuzzer + CURL

    Фаззинг — один из самых эффективных инструментов для поиска ошибок и уязвимостей. Но если взять готовый движок вроде LibFuzzer и попробовать применить его к реальной утилите, быстро выясняется, что «из коробки» всё работает далеко не всегда. Большинство примеров в документации ограничиваются функцией, принимающей массив байт, тогда как в реальных программах входные данные поступают через другие каналы.

    habr.com/ru/articles/940946/

    #fuzzing #libfuzzer #curl

  5. Как подружить DynamoRIO и LibFuzzer

    Приветствую всех обитателей Хабра и случайных гостей! Этой статьёй я хотел бы начать цикл заметок, посвящённых моей научной работе в вузе, связанной с фаззинг-тестированием. Всего на данный момент я работаю над темой 2 семестра. За это время мне много раз приходилось обращаться к интернет ресурсам в поисках информации по работе с DynamoRIO. Но, к сожалению, годных ресурсов попадалось крайне мало. Поэтому я решил облегчить судьбу другим, интересующимся этой темой и инструментарием, и состряпал данную статью. Надеюсь, кому-нибудь это да пригодится ;-)

    habr.com/ru/articles/826932/

    #фаззинг #фаззингтестирование #dynamorio #libfuzzer #ассемблер #динамический_анализ #динамическая_инструментация #динамический_анализ_кода #криптография #инструментация

  6. Как подружить DynamoRIO и LibFuzzer

    Приветствую всех обитателей Хабра и случайных гостей! Этой статьёй я хотел бы начать цикл заметок, посвящённых моей научной работе в вузе, связанной с фаззинг-тестированием. Всего на данный момент я работаю над темой 2 семестра. За это время мне много раз приходилось обращаться к интернет ресурсам в поисках информации по работе с DynamoRIO. Но, к сожалению, годных ресурсов попадалось крайне мало. Поэтому я решил облегчить судьбу другим, интересующимся этой темой и инструментарием, и состряпал данную статью. Надеюсь, кому-нибудь это да пригодится ;-)

    habr.com/ru/articles/826932/

    #фаззинг #фаззингтестирование #dynamorio #libfuzzer #ассемблер #динамический_анализ #динамическая_инструментация #динамический_анализ_кода #криптография #инструментация

  7. Как подружить DynamoRIO и LibFuzzer

    Приветствую всех обитателей Хабра и случайных гостей! Этой статьёй я хотел бы начать цикл заметок, посвящённых моей научной работе в вузе, связанной с фаззинг-тестированием. Всего на данный момент я работаю над темой 2 семестра. За это время мне много раз приходилось обращаться к интернет ресурсам в поисках информации по работе с DynamoRIO. Но, к сожалению, годных ресурсов попадалось крайне мало. Поэтому я решил облегчить судьбу другим, интересующимся этой темой и инструментарием, и состряпал данную статью. Надеюсь, кому-нибудь это да пригодится ;-)

    habr.com/ru/articles/826932/

    #фаззинг #фаззингтестирование #dynamorio #libfuzzer #ассемблер #динамический_анализ #динамическая_инструментация #динамический_анализ_кода #криптография #инструментация

  8. We released #LibAFL 0.11 (and 0.11.1 with a doc fix).

    Highlights:

    • libafl_libfuzzer: a full #LibFuzzer replacement
    • libafl_bolts: low-level building blocks for #rust
    • libafl_qemu: hooks and fuzzing in #QEMU 8, #Hexagon support, ..
    • Updated #FRIDA
    • ...

    github.com/AFLplusplus/LibAFL/

    Have fun #fuzzing

  9. We released #LibAFL 0.11 (and 0.11.1 with a doc fix).

    Highlights:

    • libafl_libfuzzer: a full #LibFuzzer replacement
    • libafl_bolts: low-level building blocks for #rust
    • libafl_qemu: hooks and fuzzing in #QEMU 8, #Hexagon support, ..
    • Updated #FRIDA
    • ...

    github.com/AFLplusplus/LibAFL/

    Have fun #fuzzing

  10. We released #LibAFL 0.11 (and 0.11.1 with a doc fix).

    Highlights:

    • libafl_libfuzzer: a full #LibFuzzer replacement
    • libafl_bolts: low-level building blocks for #rust
    • libafl_qemu: hooks and fuzzing in #QEMU 8, #Hexagon support, ..
    • Updated #FRIDA
    • ...

    github.com/AFLplusplus/LibAFL/

    Have fun #fuzzing

  11. We released #LibAFL 0.11 (and 0.11.1 with a doc fix).

    Highlights:

    • libafl_libfuzzer: a full #LibFuzzer replacement
    • libafl_bolts: low-level building blocks for #rust
    • libafl_qemu: hooks and fuzzing in #QEMU 8, #Hexagon support, ..
    • Updated #FRIDA
    • ...

    github.com/AFLplusplus/LibAFL/

    Have fun #fuzzing

  12. We released #LibAFL 0.11 (and 0.11.1 with a doc fix).

    Highlights:

    • libafl_libfuzzer: a full #LibFuzzer replacement
    • libafl_bolts: low-level building blocks for #rust
    • libafl_qemu: hooks and fuzzing in #QEMU 8, #Hexagon support, ..
    • Updated #FRIDA
    • ...

    github.com/AFLplusplus/LibAFL/

    Have fun #fuzzing

  13. casr-libfuzzer: triage crashes in C/C++/Go/Python code found by libFuzzer/Atheris/go-fuzz

    casr-libfuzzer -o out -- /fuzz_target

    github.com/ispras/casr

    #casr #fuzzing #libfuzzer #atheris #go #python #cpp

  14. casr-libfuzzer: triage crashes in C/C++/Go/Python code found by libFuzzer/Atheris/go-fuzz

    casr-libfuzzer -o out -- /fuzz_target

    github.com/ispras/casr

    #casr #fuzzing #libfuzzer #atheris #go #python #cpp

  15. casr-libfuzzer: triage crashes in C/C++/Go/Python code found by libFuzzer/Atheris/go-fuzz

    casr-libfuzzer -o out -- /fuzz_target

    github.com/ispras/casr

    #casr #fuzzing #libfuzzer #atheris #go #python #cpp

  16. casr-libfuzzer: triage crashes in C/C++/Go/Python code found by libFuzzer/Atheris/go-fuzz

    casr-libfuzzer -o out -- /fuzz_target

    github.com/ispras/casr

    #casr #fuzzing #libfuzzer #atheris #go #python #cpp

  17. Finally published a coverage-guided, native Lua fuzzing engine. I'll do some polishing before a first release, but it's ready for use now.

    Some highlights: usage is quite similar to libfuzzer - define a fuzzing target and pass it to a function Fuzz, custom mutator can be defined as a Lua function, structure-aware inputs can be constructed using Fuzzing Data Provider (the same way as in libFuzzer). Moreover, added a code for building custom mutators in Lua for libFuzzer-based targets. Enjoy!

    Would be nice to hear feedback!

    github.com/ligurio/luzer

    #fuzzing #luzer #libfuzzer #lua

  18. Finally published a coverage-guided, native Lua fuzzing engine. I'll do some polishing before a first release, but it's ready for use now.

    Some highlights: usage is quite similar to libfuzzer - define a fuzzing target and pass it to a function Fuzz, custom mutator can be defined as a Lua function, structure-aware inputs can be constructed using Fuzzing Data Provider (the same way as in libFuzzer). Moreover, added a code for building custom mutators in Lua for libFuzzer-based targets. Enjoy!

    Would be nice to hear feedback!

    github.com/ligurio/luzer

    #fuzzing #luzer #libfuzzer #lua

  19. Finally published a coverage-guided, native Lua fuzzing engine. I'll do some polishing before a first release, but it's ready for use now.

    Some highlights: usage is quite similar to libfuzzer - define a fuzzing target and pass it to a function Fuzz, custom mutator can be defined as a Lua function, structure-aware inputs can be constructed using Fuzzing Data Provider (the same way as in libFuzzer). Moreover, added a code for building custom mutators in Lua for libFuzzer-based targets. Enjoy!

    Would be nice to hear feedback!

    github.com/ligurio/luzer

    #fuzzing #luzer #libfuzzer #lua

  20. Finally published a coverage-guided, native Lua fuzzing engine. I'll do some polishing before a first release, but it's ready for use now.

    Some highlights: usage is quite similar to libfuzzer - define a fuzzing target and pass it to a function Fuzz, custom mutator can be defined as a Lua function, structure-aware inputs can be constructed using Fuzzing Data Provider (the same way as in libFuzzer). Moreover, added a code for building custom mutators in Lua for libFuzzer-based targets. Enjoy!

    Would be nice to hear feedback!

    github.com/ligurio/luzer

    #fuzzing #luzer #libfuzzer #lua

  21. WRT #libfuzzer deprecation: the official alternative uses out-of-process fuzzing, which means the fuzzer doesn't run in the same process as the target.

    This is what the original #AFL fuzzer does, as well.

    It turns out that this doesn't scale well, thanks to IPC overhead and context switches for _every single _ testcase (of which you can reach millions per second of).*

    We spent years creating good in-process fuzzing with #LibAFL, trying to match the success of libfuzzer, and it's sad to see the OG in-process fuzzer get depreciated in favour of an (IMHO) technically inferior alternative.

    This may be a good engineering choice if you don't care about CPU cost and have an almost infinite amount of CPUs to spare.

    The amount of companies worldwide that has a virtually infinite amount of CPU cores to spare for #fuzzing is low.

    There are multiple ways to bring fuzzing to the masses, but this is not the one I would pick.

    *the one reason where out-of-process fuzzing is favorable is for crashing targets. Instead of slowly restoring your state, you can simply respawn the target. However, most fuzzing campaigns are over when crashes are found.

  22. WRT #libfuzzer deprecation: the official alternative uses out-of-process fuzzing, which means the fuzzer doesn't run in the same process as the target.

    This is what the original #AFL fuzzer does, as well.

    It turns out that this doesn't scale well, thanks to IPC overhead and context switches for _every single _ testcase (of which you can reach millions per second of).*

    We spent years creating good in-process fuzzing with #LibAFL, trying to match the success of libfuzzer, and it's sad to see the OG in-process fuzzer get depreciated in favour of an (IMHO) technically inferior alternative.

    This may be a good engineering choice if you don't care about CPU cost and have an almost infinite amount of CPUs to spare.

    The amount of companies worldwide that has a virtually infinite amount of CPU cores to spare for #fuzzing is low.

    There are multiple ways to bring fuzzing to the masses, but this is not the one I would pick.

    *the one reason where out-of-process fuzzing is favorable is for crashing targets. Instead of slowly restoring your state, you can simply respawn the target. However, most fuzzing campaigns are over when crashes are found.

  23. WRT #libfuzzer deprecation: the official alternative uses out-of-process fuzzing, which means the fuzzer doesn't run in the same process as the target.

    This is what the original #AFL fuzzer does, as well.

    It turns out that this doesn't scale well, thanks to IPC overhead and context switches for _every single _ testcase (of which you can reach millions per second of).*

    We spent years creating good in-process fuzzing with #LibAFL, trying to match the success of libfuzzer, and it's sad to see the OG in-process fuzzer get depreciated in favour of an (IMHO) technically inferior alternative.

    This may be a good engineering choice if you don't care about CPU cost and have an almost infinite amount of CPUs to spare.

    The amount of companies worldwide that has a virtually infinite amount of CPU cores to spare for #fuzzing is low.

    There are multiple ways to bring fuzzing to the masses, but this is not the one I would pick.

    *the one reason where out-of-process fuzzing is favorable is for crashing targets. Instead of slowly restoring your state, you can simply respawn the target. However, most fuzzing campaigns are over when crashes are found.

  24. WRT #libfuzzer deprecation: the official alternative uses out-of-process fuzzing, which means the fuzzer doesn't run in the same process as the target.

    This is what the original #AFL fuzzer does, as well.

    It turns out that this doesn't scale well, thanks to IPC overhead and context switches for _every single _ testcase (of which you can reach millions per second of).*

    We spent years creating good in-process fuzzing with #LibAFL, trying to match the success of libfuzzer, and it's sad to see the OG in-process fuzzer get depreciated in favour of an (IMHO) technically inferior alternative.

    This may be a good engineering choice if you don't care about CPU cost and have an almost infinite amount of CPUs to spare.

    The amount of companies worldwide that has a virtually infinite amount of CPU cores to spare for #fuzzing is low.

    There are multiple ways to bring fuzzing to the masses, but this is not the one I would pick.

    *the one reason where out-of-process fuzzing is favorable is for crashing targets. Instead of slowly restoring your state, you can simply respawn the target. However, most fuzzing campaigns are over when crashes are found.

  25. WRT #libfuzzer deprecation: the official alternative uses out-of-process fuzzing, which means the fuzzer doesn't run in the same process as the target.

    This is what the original #AFL fuzzer does, as well.

    It turns out that this doesn't scale well, thanks to IPC overhead and context switches for _every single _ testcase (of which you can reach millions per second of).*

    We spent years creating good in-process fuzzing with #LibAFL, trying to match the success of libfuzzer, and it's sad to see the OG in-process fuzzer get depreciated in favour of an (IMHO) technically inferior alternative.

    This may be a good engineering choice if you don't care about CPU cost and have an almost infinite amount of CPUs to spare.

    The amount of companies worldwide that has a virtually infinite amount of CPU cores to spare for #fuzzing is low.

    There are multiple ways to bring fuzzing to the masses, but this is not the one I would pick.

    *the one reason where out-of-process fuzzing is favorable is for crashing targets. Instead of slowly restoring your state, you can simply respawn the target. However, most fuzzing campaigns are over when crashes are found.

  26. The deprecation of #libfuzzer is a great time to recompile your fuzzing testcases with AFL++'s afl-cc (supports the same testcases!)
    and switch your future fuzzer developments to #LibAFL

    llvm.org/docs/LibFuzzer.html#s

    #fuzzing #fuzzingTips

  27. The deprecation of #libfuzzer is a great time to recompile your fuzzing testcases with AFL++'s afl-cc (supports the same testcases!)
    and switch your future fuzzer developments to #LibAFL

    llvm.org/docs/LibFuzzer.html#s

    #fuzzing #fuzzingTips

  28. The deprecation of #libfuzzer is a great time to recompile your fuzzing testcases with AFL++'s afl-cc (supports the same testcases!)
    and switch your future fuzzer developments to #LibAFL

    llvm.org/docs/LibFuzzer.html#s

    #fuzzing #fuzzingTips

  29. The deprecation of #libfuzzer is a great time to recompile your fuzzing testcases with AFL++'s afl-cc (supports the same testcases!)
    and switch your future fuzzer developments to #LibAFL

    llvm.org/docs/LibFuzzer.html#s

    #fuzzing #fuzzingTips

  30. The depreciation of #libfuzzer is a great time to recompile your fuzzing testcases with AFL++'s afl-cc (supports the same testcases!)
    and switch your future fuzzer developments to #LibAFL

    llvm.org/docs/LibFuzzer.html#s

    #fuzzing #fuzzingTips