Found a Crash Through Fuzzing? Minimize AFL Testcases!

2021-06-25

[public] 6.77K views, 1.40K likes, 6.00 dislikes audio only

One fuzzer found a crash. Now we need to investigate if it's a 0day or if we found the known bug. To do that we first minimize the testcase, and then perform various tests and sanity checks.

Long version with Q&A: https://www.youtube.com/watch?v=uDSbYM5g-1M

Grab the files: https://github.com/LiveOverflow/pwnedit/tree/main/episode05

The whole playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx

Article version: https://liveoverflow.com/minimizing-afl-testcases-sudo5/

gef for gdb: https://github.com/hugsy/gef

Episode 05:

00:00 - Recap of Fuzzing Experiment: afl vs afl++

00:44 - We found a crash!

01:45 - First Look at the Crash Testcase

02:57 - Looking at Crash in GDB

04:06 - Is it a 0day or the Known Bug?

05:28 - Minimizing AFL Testcase

07:16 - Looking at Minimized Testcase

08:23 - Next Steps

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/