Finding instrumentable locations for fuzzing via static binary analysis
In the 21st century, technology has grown rapidly and become indispensable in people’s daily lives. Technological devices are built upon software programs, which are becoming more complex as technology develops. The exploitation of vulnerabilities exists in every soft...
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: |
Nanyang Technological University
2023
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/166215 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-166215 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-166215 2023-04-28T15:39:43Z Finding instrumentable locations for fuzzing via static binary analysis Ong, Kwang Wee Liu Yang School of Computer Science and Engineering yangliu@ntu.edu.sg Engineering::Computer science and engineering In the 21st century, technology has grown rapidly and become indispensable in people’s daily lives. Technological devices are built upon software programs, which are becoming more complex as technology develops. The exploitation of vulnerabilities that exist in every software program is still prevalent, which leads to zero-day vulnerabilities. This highlights the importance of discovering pre-existing vulnerabilities and patching them before exploitation can occur. In this study, we perform fuzzing on open-source projects in the Linux environment using American Fuzzy Lop Plus (AFL++). The input files (seeds) consist of a set of standard binary files from the Unifuzz seed bank and Proof-of-Concept (POC) files previously submitted by other security researchers. This paper provides a detailed explanation and highlights each step taken in the fuzzing campaign, which was carried out over a period of 7 months on the Program Under Test (PUT) with the seeds mentioned above. The crash found was reproducible, and information on the vulnerability has been submitted to huntr.dev to notify the developers of the program. Bachelor of Engineering Science (Computer Science) 2023-04-24T06:27:24Z 2023-04-24T06:27:24Z 2023 Final Year Project (FYP) Ong, K. W. (2023). Finding instrumentable locations for fuzzing via static binary analysis. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/166215 https://hdl.handle.net/10356/166215 en SCSE22-0584 application/pdf Nanyang Technological University |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Engineering::Computer science and engineering |
description |
In the 21st century, technology has grown rapidly and become indispensable in people’s daily lives. Technological devices are built upon software programs, which are becoming more complex as technology develops. The exploitation of vulnerabilities that exist in every software program is still prevalent, which leads to zero-day vulnerabilities. This highlights the importance of discovering pre-existing vulnerabilities and patching them before exploitation can occur. In this study, we perform fuzzing on open-source projects in the Linux environment using American Fuzzy Lop Plus (AFL++). The input files (seeds) consist of a set of standard binary files from the Unifuzz seed bank and Proof-of-Concept (POC) files previously submitted by other security researchers. This paper provides a detailed explanation and highlights each step taken in the fuzzing campaign, which was carried out over a period of 7 months on the Program Under Test (PUT) with the seeds mentioned above. The crash found was reproducible, and information on the vulnerability has been submitted to huntr.dev to notify the developers of the program. |
author2 |
Liu Yang |
author_facet |
Liu Yang Ong, Kwang Wee |
format |
Final Year Project |
author |
Ong, Kwang Wee |
author_sort |
Ong, Kwang Wee |
title |
Finding instrumentable locations for fuzzing via static binary analysis |
publisher |
Nanyang Technological University |
publishDate |
2023 |
url |
https://hdl.handle.net/10356/166215 |