Fuzzing Linux binaries with AFL++


Bibliographic Details
Main Author: Lim, Wei Cheng
Other Authors: Liu Yang
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2023
Online Access:https://hdl.handle.net/10356/165865
Institution: Nanyang Technological University
Description
Summary: This FYP project demonstrates the application of AFL++, a state-of-the-art fuzzing tool, to discovering new vulnerabilities in the latest versions of Linux binaries. AFL++ automates grey-box testing of instrumented Linux binaries to detect bugs and vulnerabilities. The project comprises a three-phase fuzzing campaign. In the first phase, the instrumented target binary and the seed files to be fed into it are prepared. In the second phase, AFL++ techniques and methods are employed to fuzz the instrumented binary. In the third phase, the crashes found during fuzzing are triaged, and bug reports were submitted for Xpdf pdftotext, GPAC MP4Box, and the Vim text editor. Bugs discovered in GPAC MP4Box and Vim have been assigned CVE numbers.