
Fuzzing-101

Do you want to learn how to fuzz like a real expert, but don't know how to start?

If so, this is the course for you!

10 real targets, 10 exercises. Are you able to solve all 10?

Structure

| Exercise No. | Target | CVEs to find | Estimated time | Main topics |
|---|---|---|---|---|
| Exercise 1 | Xpdf | CVE-2019-13288 | 120 mins | Afl-clang-fast, Afl-fuzz, GDB |
| Exercise 2 | libexif | CVE-2009-3895, CVE-2012-2836 | 6 hours | Afl-clang-lto, Fuzz libraries, Eclipse IDE |
| Exercise 3 | TCPdump | CVE-2017-13028 | 4 hours | ASan, Sanitizers |
| Exercise 4 | LibTIFF | CVE-2016-9297 | 3 hours | Code coverage, LCOV |
| Exercise 5 | Libxml2 | CVE-2017-9048 | 3 hours | Dictionaries, Basic parallelization, Fuzzing command-line arguments |
| Exercise 6 | GIMP | CVE-2016-4994, Bonus bugs | 7 hours | Persistent fuzzing, Fuzzing interactive applications |
| Exercise 7 | VLC media player | CVE-2019-14776 | 6 hours | Partial instrumentation, Fuzzing harness |
| Exercise 8 | Adobe Reader | | 8 hours | Fuzzing closed-source applications, QEMU instrumentation |
| Exercise 9 | 7-Zip | CVE-2016-2334 | 8 hours | WinAFL, Fuzzing Windows Applications |
| Exercise 10 (Final Challenge) | Google Chrome / V8 | CVE-2019-5847 | 8 hours | Fuzzilli, Fuzzing Javascript engines |

Changelog

Who is the course intended for?

Requirements

What is fuzzing?

Fuzz testing (or fuzzing) is an automated software testing technique that feeds a program random or mutated inputs and monitors it for exceptions, crashes and other signs of memory-safety violations (often surfaced with sanitizers such as ASan, which turn silent memory corruption into a detectable abort).

AFL, libFuzzer and HonggFuzz are three of the most successful fuzzers when it comes to real-world applications. All three are coverage-guided evolutionary fuzzers: they instrument the target to record which code paths each input exercises, and keep an input as a new seed only when it reaches code that no previous input did.

Coverage-guided evolutionary fuzzer

<img src="./Diagram.png"> <p align="center"> Simplification of the coverage gathering process of a coverage-guided evolutionary fuzzer </p>
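To make the loop in the diagram concrete, here is an added toy implementation of a coverage-guided evolutionary fuzzer. It is written for this page and is not code from the course or from AFL; the target function, the seed input and the mutation operators are constructed for the example. Coverage is gathered with Python's `sys.settrace` as the set of line-to-line edges executed inside `target`, which plays the role of the edge map that `afl-clang-fast` compiles into a real binary. The fuzz loop picks a seed, mutates it, runs it, keeps it in the queue only if it hit a new edge, and stops on the first crash (the deepest branch raises, standing in for a segfault or ASan report).

```python
import random
import sys


# Constructed toy target: four nested comparisons, so a fuzzer with no
# feedback must guess 32 bits at once, while a coverage-guided one can
# solve them one byte at a time. The innermost branch "crashes".
def target(data: bytes) -> None:
    if len(data) < 4:
        return
    if data[0] == ord("F"):
        if data[1] == ord("U"):
            if data[2] == ord("Z"):
                if data[3] == ord("Z"):
                    raise RuntimeError("crash")


def run_with_coverage(data: bytes):
    """Run target(data) once; return (set of executed edges, crashed?).

    An edge is a (previous line, current line) pair inside target(), which
    approximates the edge coverage AFL records in its shared-memory bitmap.
    """
    edges = set()
    prev = [None]

    def tracer(frame, event, arg):
        if frame.f_code is target.__code__ and event == "line":
            edges.add((prev[0], frame.f_lineno))
            prev[0] = frame.f_lineno
        return tracer

    sys.settrace(tracer)
    try:
        target(data)
        crashed = False
    except RuntimeError:
        crashed = True
    finally:
        sys.settrace(None)
    return edges, crashed


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: overwrite a byte, flip a bit, or insert a byte."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def fuzz(seeds, max_iters=300000, seed=0):
    """Coverage-guided loop. Returns (crashing input or None, iterations used)."""
    rng = random.Random(seed)
    corpus = list(seeds)
    total_cov = set()
    for s in corpus:  # dry run of the initial corpus to seed the coverage map
        edges, _ = run_with_coverage(s)
        total_cov |= edges

    for it in range(max_iters):
        # Favor the newest queue entry half the time: a crude stand-in for
        # AFL's queue prioritization, which keeps progress from stalling on
        # seeds that have already been explored.
        parent = corpus[-1] if rng.random() < 0.5 else rng.choice(corpus)
        child = mutate(parent, rng)
        edges, crashed = run_with_coverage(child)
        if crashed:
            return child, it
        if edges - total_cov:  # new edge reached: keep child as a new seed
            total_cov |= edges
            corpus.append(child)
    return None, max_iters


if __name__ == "__main__":
    crash, iters = fuzz([b"AAAA"])
    print("crash input:", crash, "after", iters, "iterations")
```

Run it and the crash input starts with `FUZZ`, typically after a few thousand iterations, because each byte only has to be guessed on its own once the previous byte's branch is in the coverage map. Remove the coverage check (append every child to the corpus, or none) and the same loop needs on the order of 2^32 tries; that difference is the whole reason the fuzzers in this course instrument their targets.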

Thanks

Thanks for their help:

Contact

Are you stuck and looking for help? Do you have suggestions for making this course better or just positive feedback so that we can create more fuzzing content? Do you want to share your fuzzing experience with the community? Join the GitHub Security Lab Slack and head to the #fuzzing channel. Request an invite to the GitHub Security Lab Slack