libfuzzer-workshop
Materials of "Modern fuzzing of C/C++ Projects" workshop.
The first version of the workshop had been presented at ZeroNights'16 security conference.
Requirements
- 2-3 hours of your time
- Linux-based OS
- C/C++ experience (nothing special, but you need to be able to read, write and compile C/C++ code)
- a recent version of clang compiler. Distributions from
package managers are too old and most likely won't work (the workshop
called "modern", right?), you have two options:
- checkout llvm repository and build it yourself. To make it easy, feel free to use checkout_build_install_llvm.sh script, it has been tested on clean Ubuntu 16.04
- a VirtualBox VM with working environment is available, credentials:
fuzzer:zeronights
sudo apt-get install -y make autoconf automake libtool pkg-config zlib1g-dev
Fuzzing experience is not required.
Contents
- An introduction to fuzz testing
- An example of traditional fuzzing
- Coverage-guided fuzzing
- Writing fuzzers (simple examples)
- Finding Heartbleed (CVE-2014-0160)
- Finding c-ares $100,000 bug (CVE-2016-5180)
- How to improve your fuzzer
- Fuzzing libxml2, learning how to improve the fuzzer and analyze performance
- Fuzzing libpng, learning an importance of seed corpus and other stuff
- Fuzzing re2
- Fuzzing pcre2
- Chromium integration & homework assignment
Most of the examples have been taken from libFuzzer tutorial and Fuzzer Test Suite.
Prerequisites
libFuzzer
Building libFuzzer is extreemly easy:
cd libFuzzer
Fuzzer/build.sh
Links
- all slides in a single presentation: Modern Fuzzing of C/C++ Projects
- libFuzzer documentation: http://libfuzzer.info
- libFuzzer tutorial: http://tutorial.libfuzzer.info
- Google Online Security Blog: Guided in-process fuzzing of Chrome components