How Fuzzing with AFL works! | Ep. 02
Let's investigate some issues we have fuzzing sudo with afl. And also explain how AFL works. After improving our fuzzing setup even more, we are finally read to start fuzzing sudo for real. Can we find the vulnerability now?
https://liveoverflow.com/support/
Grab the files: https://github.com/LiveOverflow/pwnedit/
milek7's blog: https://milek7.pl/howlongsudofuzz/
Sudo Research Episode 02:
00:00 - Recap
00:39 - Fixing AFL Crash Using LLVM mode
03:32 - Testing the AFL Instrumented Sudo Binary
04:11 - How Fuzzing with AFL works!
06:44 - Can AFL find the crash?
08:06 - Detour: busybox and argv[0]
09:48 - How could we discover "sudoedit"?
10:47 - Can AFL find "sudoedit" through magic?
11:25 - Include argv[0] in the testcases
13:06 - Parallel Fuzzing Setup
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео How Fuzzing with AFL works! | Ep. 02 канала LiveOverflow
https://liveoverflow.com/support/
Grab the files: https://github.com/LiveOverflow/pwnedit/
milek7's blog: https://milek7.pl/howlongsudofuzz/
Sudo Research Episode 02:
00:00 - Recap
00:39 - Fixing AFL Crash Using LLVM mode
03:32 - Testing the AFL Instrumented Sudo Binary
04:11 - How Fuzzing with AFL works!
06:44 - Can AFL find the crash?
08:06 - Detour: busybox and argv[0]
09:48 - How could we discover "sudoedit"?
10:47 - Can AFL find "sudoedit" through magic?
11:25 - Include argv[0] in the testcases
13:06 - Parallel Fuzzing Setup
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео How Fuzzing with AFL works! | Ep. 02 канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
riscure embedded hardware CTF is over - loopback 0x03
Live Hacking - Internetwache CTF 2016 - web50, web60, web80
LiveOverflow Channel Trailer
format2 on a modern Ubuntu - bin 0x26
Deepdive Containers - Kernel Sources and nsenter
What is a Protocol? (Deepdive)
Riscure Embedded Hardware CTF setup and introduction - rhme2 Soldering
TCP Protocol introduction - bin 0x1A
XSS on the Wrong Domain T_T - Tech Support (web) Google CTF 2020
Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
File Path Race Condition & How To Prevent It - bin 0x31
VPNs, Proxies and Secure Tunnels Explained (Deepdive)
Exploit Fails? Debug Your Shellcode - bin 0x2B
New to Linux? Need Help Understanding Shell Commands?
HACKERSPACES ARE AWESOME!
Fuzzing Browsers for weird XSS Vectors
Understanding C Pointer Magic Arithmetic | Ep. 07
Solving Pwnable CTF Challenge With Docker Workflow
The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption
The HTTP Protocol: GET /test.html - web 0x01
What is a Browser Security Sandbox?! (Learn to Hack Firefox)