Hunting Bugs in Your Sleep - How to Fuzz (Almost) Anything With AFL/AFL++

Presented at HOPE 2020 Virtual Rescheduled, July 26, 2020, 10 a.m. (60 minutes)

This is a “part one” talk on exploitation detailing how to get started with AFL to find bugs (usually memory corruption vulnerabilities). Finding bugs in a program gives you the opportunity to research further potential vulnerabilities and exploitation. It’s really that simple. vr0n will show how to install AFL, how to set up AFL, and how to use AFL against a program.

Presenters:

• vr0n
  **vr0n (@_vr0n)** is a cybersecurity student who has worked on several research projects related to virtualization, containers, data provenance, IoT security, fuzzing, and binary exploitation. They have posted some boring stuff at vr0n.tech, but plan on posting more interesting stuff soon. Super into decentralized tech and mesh Internet.

Links:

• https://xiii.hope.net/hope2020/talk/DXANHA/
• https://infocon.org/cons/2600/HOPE 2020 (2020)/HOPE 2020 - Hunting Bugs in Your Sleep.mp4
• https://www.youtube.com/watch?v=A8ex1hqaQ7E

Similar Presentations:

• Black Hat USA 2018 / AFL's Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries
• HushCon Seattle 2018 / Killerbeez: It's like AFL on Steroids
• DEF CON 27 (2019) / Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets