Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.

enovella/libfuzzer-workshop

libfuzzer-workshop

Materials of "Modern fuzzing of C/C++ Projects" workshop.

The workshop will be hosted at the ZeroNights'16 security conference.

Requirements

  • 2-3 hours of your time
  • Linux-based OS
  • C/C++ experience (nothing special, but you need to be able to read, write and compile C/C++ code)
  • a recent version of the clang compiler. Distributions from package managers are too old and most likely won't work (the workshop is called "modern", right?), so you have two options:
    • check out the llvm repository and build it yourself. To make it easy, feel free to use the checkout_build_install_llvm.sh script; it has been tested on a clean Ubuntu 16.04
    • a VirtualBox VM with a working environment will be provided at the workshop
  • sudo apt-get install -y make autoconf automake libtool pkg-config zlib1g-dev

Fuzzing experience is not required.

Contents

  1. An introduction to fuzz testing
  2. An example of traditional fuzzing
  3. Coverage-guided fuzzing
  4. Writing fuzzers (simple examples)
  5. Finding Heartbleed (CVE-2014-0160)
  6. Finding c-ares $100,000 bug (CVE-2016-5180)
  7. Fuzzing libxml2, learning how to improve the fuzzer and analyze performance
  8. Fuzzing libpng, learning the importance of a seed corpus and other stuff
  9. Fuzzing re2 (TODO: add problems?)
  10. Fuzzing pcre2
  11. Chromium integration
  12. OSS-Fuzz project

Prerequisites

libFuzzer

Building libFuzzer is extremely easy:

cd libFuzzer
Fuzzer/build.sh

Links
