nixawk / labs

Vulnerability Labs for security analysis

[Question] Fuzzing #11

Open nixawk opened 7 years ago

nixawk commented 7 years ago

AFL

- https://en.wikipedia.org/wiki/Fuzzing
- https://en.wikipedia.org/wiki/Fuzz_testing
- http://lcamtuf.coredump.cx/afl/
- http://lcamtuf.coredump.cx/afl/demo/
- http://lcamtuf.coredump.cx/afl/QuickStartGuide.txt
- http://lcamtuf.coredump.cx/afl/#bugs
- http://lcamtuf.coredump.cx/afl/README.txt
- http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
- http://lcamtuf.coredump.cx/afl/technical_details.txt

- http://lcamtuf.blogspot.com/2014/08/binary-fuzzing-strategies-what-works.html
- http://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html
- http://lcamtuf.blogspot.com/2014/11/pulling-jpegs-out-of-thin-air.html
- http://lcamtuf.blogspot.com/2014/11/afl-fuzz-crash-exploration-mode.html
- http://lcamtuf.blogspot.com/2015/01/afl-fuzz-making-up-grammar-with.html
- http://lcamtuf.blogspot.com/2015/04/finding-bugs-in-sqlite-easy-way.html
- http://lcamtuf.blogspot.com/2016/02/say-hello-to-afl-analyze.html

- https://groups.google.com/d/msg/afl-users/eWb2PgjLnUo/8AKqadYzSBoJ
- https://groups.google.com/forum/#!topic/afl-users/RW4RF6x9aBc

- https://github.com/secfigo/Awesome-Fuzzing
- http://llvm.org/docs/LibFuzzer.html
- http://honggfuzz.com/
- https://github.com/aoh/radamsa

- https://www.youtube.com/watch?v=29RbO5bftwo
- https://www.evilsocket.net/2015/04/30/fuzzing-with-afl-fuzz-a-practical-example-afl-vs-binutils/
- https://labsblog.f-secure.com/2017/06/22/super-awesome-fuzzing-part-one/
- http://thecyberrecce.net/2017/03/20/software-exploit-development-fuzzing-with-afl/
- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/project-triforce-run-afl-on-everything/
- https://www.fastly.com/blog/how-fuzz-server-american-fuzzy-lop
- https://www.reddit.com/r/fuzzing/
- https://animal0day.blogspot.jp/2017/05/fuzzing-apache-httpd-server-with.html
- https://animal0day.blogspot.jp/2017/07/
- https://sensepost.com/blog/2017/fuzzing-apache-httpd-server-with-american-fuzzy-lop-%2B-persistent-mode/
- https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/
- http://research.aurainfosec.io/hunting-for-bugs-101/
- http://paper.seebug.org/323/

```sh
$ CC="afl-clang-fast" CFLAGS="-fsanitize=address -ggdb" CXXFLAGS="-fsanitize=address -ggdb" ./configure
$ make
```

fuzzing