2021-04-29

[public] 32.0K views, 3.30K likes, 18.0 dislikes audio only

LiveOverflow

Recently a serious vulnerability in sudo was announced. But how can people even find these kind of bugs? Let's talk about why we would want to look for vulnerabilities in sudo, and how we could do that. We then try to setup afl, but fail... well... this will take a while

https://liveoverflow.com/support

Text Version: https://liveoverflow.com/why-pick-sudo-research-target-part-1/

GitHub: https://github.com/LiveOverflow/pwnedit/tree/main/episode01

Full Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx

Episode 01:

00:00 - Intro

01:48 - Prepare the System

03:57 - How to Pick a Research Target?

05:57 - Choose the Strategy: Fuzzing

09:27 - Fuzzing argv[] With AFL

13:00 - Running Into the Next AFL Problem

14:51 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/