Found a Crash Through Fuzzing? Minimize AFL Testcases! | Ep. 05
One fuzzer found a crash. Now we need to investigate if it's a 0day or if we found the known bug. To do that we first minimize the testcase, and then perform various tests and sanity checks.
Long version with Q&A: https://www.youtube.com/watch?v=uDSbYM5g-1M
Grab the files: https://github.com/LiveOverflow/pwnedit/tree/main/episode05
The whole playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Article version: https://liveoverflow.com/minimizing-afl-testcases-sudo5/
gef for gdb: https://github.com/hugsy/gef
Episode 05:
00:00 - Recap of Fuzzing Experiment: afl vs afl++
00:44 - We found a crash!
01:45 - First Look at the Crash Testcase
02:57 - Looking at Crash in GDB
04:06 - Is it a 0day or the Known Bug?
05:28 - Minimizing AFL Testcase
07:16 - Looking at Minimized Testcase
08:23 - Next Steps
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео Found a Crash Through Fuzzing? Minimize AFL Testcases! | Ep. 05 канала LiveOverflow
Long version with Q&A: https://www.youtube.com/watch?v=uDSbYM5g-1M
Grab the files: https://github.com/LiveOverflow/pwnedit/tree/main/episode05
The whole playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Article version: https://liveoverflow.com/minimizing-afl-testcases-sudo5/
gef for gdb: https://github.com/hugsy/gef
Episode 05:
00:00 - Recap of Fuzzing Experiment: afl vs afl++
00:44 - We found a crash!
01:45 - First Look at the Crash Testcase
02:57 - Looking at Crash in GDB
04:06 - Is it a 0day or the Known Bug?
05:28 - Minimizing AFL Testcase
07:16 - Looking at Minimized Testcase
08:23 - Next Steps
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео Found a Crash Through Fuzzing? Minimize AFL Testcases! | Ep. 05 канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
riscure embedded hardware CTF is over - loopback 0x03
Live Hacking - Internetwache CTF 2016 - web50, web60, web80
LiveOverflow Channel Trailer
format2 on a modern Ubuntu - bin 0x26
Deepdive Containers - Kernel Sources and nsenter
What is a Protocol? (Deepdive)
Riscure Embedded Hardware CTF setup and introduction - rhme2 Soldering
TCP Protocol introduction - bin 0x1A
XSS on the Wrong Domain T_T - Tech Support (web) Google CTF 2020
Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
File Path Race Condition & How To Prevent It - bin 0x31
VPNs, Proxies and Secure Tunnels Explained (Deepdive)
Exploit Fails? Debug Your Shellcode - bin 0x2B
New to Linux? Need Help Understanding Shell Commands?
HACKERSPACES ARE AWESOME!
Fuzzing Browsers for weird XSS Vectors
Understanding C Pointer Magic Arithmetic | Ep. 07
Solving Pwnable CTF Challenge With Docker Workflow
The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption
The HTTP Protocol: GET /test.html - web 0x01
What is a Browser Security Sandbox?! (Learn to Hack Firefox)