Awesome

libfuzzer-workshop

Materials of "Modern fuzzing of C/C++ Projects" workshop.

The first version of the workshop had been presented at ZeroNights'16 security conference.

Disclaimer

This workshop was originally developed in 2016. As of today (2021 and beyond), the practical side of the workshop might be not working right away, because libFuzzer greatly evolved over the years. The theoretical part of the workshop is a good learning material still, but for the practical lessons it is recommended to follow the most recent version of the libFuzzer tutorial.

Requirements

2-3 hours of your time
Linux-based OS
C/C++ experience (nothing special, but you need to be able to read, write and compile C/C++ code)
a recent version of clang compiler. Distributions from package managers are too old and most likely won't work (the workshop called "modern", right?), you have two options:
- checkout llvm repository and build it yourself. To make it easy, feel free to use checkout_build_install_llvm.sh script, it has been tested on clean Ubuntu 16.04
- a VirtualBox VM with working environment is available, credentials: fuzzer:zeronights
sudo apt-get install -y make autoconf automake libtool pkg-config zlib1g-dev

Fuzzing experience is not required.

An introduction to fuzz testing
An example of traditional fuzzing
Coverage-guided fuzzing
Writing fuzzers (simple examples)
Finding Heartbleed (CVE-2014-0160)
Finding c-ares $100,000 bug (CVE-2016-5180)
How to improve your fuzzer
Fuzzing libxml2, learning how to improve the fuzzer and analyze performance
Fuzzing libpng, learning an importance of seed corpus and other stuff
Fuzzing re2
Fuzzing pcre2
Chromium integration & homework assignment

Most of the examples have been taken from libFuzzer tutorial and Fuzzer Test Suite.

Prerequisites

libFuzzer

Building libFuzzer is extreemly easy:

cd libFuzzer
Fuzzer/build.sh

libFuzzer repository could be found inside LLVM's compiler-rt project.