Hackfest - Advanced Fuzzing Workshop

Start here -> https://github.com/antonio-morales/Hackfest_Advanced_Fuzzing_Workshop/blob/main/Hackfest%20Workshop%20Slides.pdf

Previous editions

Requirements

All you need for the workshop is:

Virtual machine

You can also find an .OVF virtual machine with everything already set up for the workshop here

After booting the VM, open a terminal and go to Desktop -> WORKSHOP -> Fuzz 0 -> unrtf

Then, type:

afl-fuzz -i ./tests -o afl-output  -- ./bin/unrtf --verbose -P ./lib/unrtf/ @@

If all is OK, you'll be able to see a lot of AFL crashes :)
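
To confirm the smoke test beyond watching the status screen, the crashes saved under afl-output can be summarised and replayed. The helper below is an added example, not part of the workshop repository; the function names are hypothetical, and it assumes the usual AFL/AFL++ crash file naming (id:NNNNNN,sig:NN,...).

```sh
#!/bin/sh
# Added example, not part of the workshop repository.
# Assumes AFL/AFL++ crash file names: id:NNNNNN,sig:NN,src:...

# Print every saved crashing input under OUT_DIR. Classic AFL writes
# OUT_DIR/crashes/, AFL++ writes OUT_DIR/<instance>/crashes/.
afl_crash_files() {
    find "$1" -type f -path '*/crashes/id:*' 2>/dev/null || true
}

# Print the number of saved crashing inputs (README.txt is not counted).
afl_crash_count() {
    afl_crash_files "$1" | wc -l | tr -d ' '
}

# Print one "sig NN: COUNT" line per terminating signal.
afl_crash_signals() {
    afl_crash_files "$1" |
        sed -n 's/.*,sig:\([0-9][0-9]*\).*/\1/p' |
        sort | uniq -c | awk '{ print "sig " $2 ": " $1 }'
}

# Re-run a target on one crash file and print its exit status.
# Usage: afl_replay CRASH_FILE cmd [args...]; "@@" is replaced by the
# crash file, as afl-fuzz does. A status above 128 means killed by signal.
# e.g. afl_replay FILE ./bin/unrtf --verbose -P ./lib/unrtf/ @@
afl_replay() {
    crash=$1; shift
    n=$#
    while [ "$n" -gt 0 ]; do
        arg=$1; shift
        [ "$arg" = "@@" ] && arg=$crash
        set -- "$@" "$arg"
        n=$((n - 1))
    done
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    echo "$status"
}

# Stand-alone use: sh afl_summary.sh afl-output
if [ "$#" -gt 0 ]; then
    echo "crashes: $(afl_crash_count "$1")"
    afl_crash_signals "$1"
fi
```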

Rules

Awards

The winner of each challenge will receive a coupon to spend in the GitHub Shop. Second place will also be awarded.

Fuzz Challenge 1 - ESIF RELOAD (V2.0) [45 minutes]

Build:

gcc HackFest1.c -lcrypto -lssl -w -o hackfest1

Run:

./hackfest1 ./AFL/afl_in/file1 output.ppm

Fuzz Challenge 2 - QSSLANG (Quite Stupid Structured Language) [50 minutes]

Build:

gcc HackFest2.c -w -o hackfest2

Run:

./hackfest2 Example.xml

Fuzz Challenge 3 - My sweet parser