Materials of "Modern fuzzing of C/C++ Projects" workshop.
The workshop will be hosted at ZeroNights'16 security conference.
- 2-3 hours of your time
- Linux-based OS
- C/C++ experience (nothing special, but you need to be able to read, write and compile C/C++ code)
- a recent version of clang compiler. Distributions from
package managers are too old and most likely won't work (the workshop
called "modern", right?), you have two options:
- checkout llvm repository and build it yourself. To make it easy, feel free to use checkout_build_install_llvm.sh script, it has been tested on clean Ubuntu 16.04
- a VirtualBox VM with working environment will be provided at the workshop
sudo apt-get install -y make autoconf automake libtool pkg-config zlib1g-dev
Fuzzing experience is not required.
- An introduction to fuzz testing
- An example of traditional fuzzing
- Coverage-guided fuzzing
- Writing fuzzers (simple examples)
- Finding Heartbleed (CVE-2014-0160)
- Finding c-ares $100,000 bug (CVE-2016-5180)
- Fuzzing libxml2, learning how to improve the fuzzer and analyze performance
- Fuzzing libpng, learning an importance of seed corpus and other stuff
- Fuzzing re2 (TODO: add problems?)
- Fuzzing pcre2
- Chromium integration
- OSS-Fuzz project
Building libFuzzer is extreemly easy:
cd libFuzzer
Fuzzer/build.sh- libFuzzer documentation: http://libfuzzer.info
- libFuzzer tutorial: http://tutorial.libfuzzer.info
- Google Online Security Blog: Guided in-process fuzzing of Chrome components