Finding instrumentable locations for fuzzing via static binary analysis
Today, the exploitation of vulnerabilities which exists in every software program is still prevalent, leading to unintended repercussions. This highlights the importance of eradicating the pre-existing vulnerabilities before they can be exploited by hackers. In this study, American Fuzzy Lop Plus Pl...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2022
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/156539 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-156539 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1565392022-04-19T08:26:30Z Finding instrumentable locations for fuzzing via static binary analysis Ng, Lyon Hong Kai Liu Yang School of Computer Science and Engineering yangliu@ntu.edu.sg Engineering::Computer science and engineering Today, the exploitation of vulnerabilities which exists in every software program is still prevalent, leading to unintended repercussions. This highlights the importance of eradicating the pre-existing vulnerabilities before they can be exploited by hackers. In this study, American Fuzzy Lop Plus Plus (AFL++) was the fuzzer used to fuzz programs on the ubuntu system. The objective of this project is to find crashes that might lead to the discovery of vulnerabilities which were not documented before. The input files (seeds) consisted of mp4 files and binary files which were obtained from go-fuzz-corpus seed bank, as well as from submitted Proof-of-Concept (POC) files by other users. This paper provides a detailed explanation and highlights the steps for the fuzzing campaign done through a period of 10-12 months on the Program Under Test (PUT) with the seeds mentioned above. The crash found was a reproducible crash and the information on the vulnerability has been submitted to huntr.dev to inform the developers of the program. With more work and time put into this campaign, we could provide a more detailed analysis on the vulnerability and provide a solution for it. Bachelor of Engineering (Computer Science) 2022-04-19T08:26:30Z 2022-04-19T08:26:30Z 2022 Final Year Project (FYP) Ng, L. H. K. (2022). Finding instrumentable locations for fuzzing via static binary analysis. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/156539 https://hdl.handle.net/10356/156539 en application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering |
| spellingShingle |
Engineering::Computer science and engineering Ng, Lyon Hong Kai Finding instrumentable locations for fuzzing via static binary analysis |
| description |
Today, the exploitation of vulnerabilities which exists in every software program is still prevalent, leading to unintended repercussions. This highlights the importance of eradicating the pre-existing vulnerabilities before they can be exploited by hackers. In this study, American Fuzzy Lop Plus Plus (AFL++) was the fuzzer used to fuzz programs on the ubuntu system. The objective of this project is to find crashes that might lead to the discovery of vulnerabilities which were not documented before. The input files (seeds) consisted of mp4 files and binary files which were obtained from go-fuzz-corpus seed bank, as well as from submitted Proof-of-Concept (POC) files by other users. This paper provides a detailed explanation and highlights the steps for the fuzzing campaign done through a period of 10-12 months on the Program Under Test (PUT) with the seeds mentioned above. The crash found was a reproducible crash and the information on the vulnerability has been submitted to huntr.dev to inform the developers of the program. With more work and time put into this campaign, we could provide a more detailed analysis on the vulnerability and provide a solution for it. |
| author2 |
Liu Yang |
| author_facet |
Liu Yang Ng, Lyon Hong Kai |
| format |
Final Year Project |
| author |
Ng, Lyon Hong Kai |
| author_sort |
Ng, Lyon Hong Kai |
| title |
Finding instrumentable locations for fuzzing via static binary analysis |
| title_short |
Finding instrumentable locations for fuzzing via static binary analysis |
| title_full |
Finding instrumentable locations for fuzzing via static binary analysis |
| title_fullStr |
Finding instrumentable locations for fuzzing via static binary analysis |
| title_full_unstemmed |
Finding instrumentable locations for fuzzing via static binary analysis |
| title_sort |
finding instrumentable locations for fuzzing via static binary analysis |
| publisher |
Nanyang Technological University |
| publishDate |
2022 |
| url |
https://hdl.handle.net/10356/156539 |
| _version_ |
1731235724357795840 |