Finding Buffer Overflow with Fuzzing

2021-06-11

[public] 25.9K views, 1.97K likes, 13.0 dislikes audio only

AFL helped us to find a buffer overflow. Did we find a real crash in sudo? Let's investigate it.

Files on GitHub: https://github.com/LiveOverflow/pwnedit/tree/main/episode04

Blog Post: https://liveoverflow.com/finding-buffer-overflow-with-fuzzing/

Previous video and episode playlist: /youtube/video/W2kZnmchJhI

Episode 04:

00:00 - Intro

00:28 - Looking at AFL crashes

01:25 - Investigate Crashes with gdb

03:35 - Debug Crash in AFL argv[] wrapper

04:27 - Fixing Buffer Overflow in AFL argv[] wrapper

05:19 - Setup Fuzzing Experiment with AFL++

07:11 - AFL UI Output Information

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/