Practical fuzzing on open-source projects
Hackers exploiting software vulnerabilities found in all software programs, resulting in unfavorable outcomes, which is a major concern in software security. This highlights the importance of patching such vulnerabilities before hackers can exploit them, which is a race against time. Zero-day exploi...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2022
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/162837 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-162837 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1628372022-11-11T00:15:34Z Practical fuzzing on open-source projects Ng, Chun Kai Liu Yang School of Computer Science and Engineering yangliu@ntu.edu.sg Engineering::Computer science and engineering Hackers exploiting software vulnerabilities found in all software programs, resulting in unfavorable outcomes, which is a major concern in software security. This highlights the importance of patching such vulnerabilities before hackers can exploit them, which is a race against time. Zero-day exploits is one of such vulnerability. In this study, we perform fuzzing on a popular command line text editor, VIM, on the Ubuntu systems using the American Fuzzy Lop Plus Plus (AFL++). The goal of this project is to find crashes that may lead to a previously unknown vulnerability in the targeted program. The input files (seeds) contain multiple text files containing various special characters and languages. These input files were obtained from the internet as well as previously discovered Proof-of-Concept (POC) crashes from other users, but by changing the options used, the same POC will explore a different path in the code. This paper provides a detailed explanation, setup, and highlights the steps for the 9-11 month long fuzzing campaign. The reproducible crashes were analyzed and submitted to huntr.dev to notify the developers of the vulnerability. Bachelor of Engineering (Computer Science) 2022-11-11T00:15:34Z 2022-11-11T00:15:34Z 2022 Final Year Project (FYP) Ng, C. K. (2022). Practical fuzzing on open-source projects. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/162837 https://hdl.handle.net/10356/162837 en SCSE21-0926 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering |
| spellingShingle |
Engineering::Computer science and engineering Ng, Chun Kai Practical fuzzing on open-source projects |
| description |
Hackers exploiting software vulnerabilities found in all software programs, resulting in unfavorable outcomes, which is a major concern in software security. This highlights the importance of patching such vulnerabilities before hackers can exploit them, which is a race against time. Zero-day exploits is one of such vulnerability. In this study, we perform fuzzing on a popular command line text editor, VIM, on the Ubuntu systems using the American Fuzzy Lop Plus Plus (AFL++). The goal of this project is to find crashes that may lead to a previously unknown vulnerability in the targeted program. The input files (seeds) contain multiple text files containing various special characters and languages. These input files were obtained from the internet as well as previously discovered Proof-of-Concept (POC) crashes from other users, but by changing the options used, the same POC will explore a different path in the code. This paper provides a detailed explanation, setup, and highlights the steps for the 9-11 month long fuzzing campaign. The reproducible crashes were analyzed and submitted to huntr.dev to notify the developers of the vulnerability. |
| author2 |
Liu Yang |
| author_facet |
Liu Yang Ng, Chun Kai |
| format |
Final Year Project |
| author |
Ng, Chun Kai |
| author_sort |
Ng, Chun Kai |
| title |
Practical fuzzing on open-source projects |
| title_short |
Practical fuzzing on open-source projects |
| title_full |
Practical fuzzing on open-source projects |
| title_fullStr |
Practical fuzzing on open-source projects |
| title_full_unstemmed |
Practical fuzzing on open-source projects |
| title_sort |
practical fuzzing on open-source projects |
| publisher |
Nanyang Technological University |
| publishDate |
2022 |
| url |
https://hdl.handle.net/10356/162837 |
| _version_ |
1751548593858150400 |