
Showing posts with the label fuzzer

drAFL: fuzzing binaries with no source code on Linux

Original AFL supports coverage-guided fuzzing of binaries without source code (and therefore without compile-time instrumentation) through its QEMU mode. Fuzzing is one of the most powerful and proven strategies for identifying security issues in real-world software; it is responsible for the vast majority of remote code execution and privilege escalation bugs found to date in security-critical software. Unfortunately, fuzzing is also relatively shallow: blind, random mutations make it very unlikely to reach certain code paths in the tested code, leaving some vulnerabilities firmly outside the reach of this technique. There have been numerous attempts to solve this problem. One of the early approaches, pioneered by Tavis Ormandy, is corpus distillation. The method relies on coverage signals to select a subset of interesting seeds from a massive, high-quality corpus of candidate files, and then fuzzes them by traditional means. The approach works exceptionally well, but requires such a corpus to be readily available. In addition, block coverage
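Corpus distillation as described above, as an added example that is not part of the original post or of drAFL: the afl-cmin heuristic (for every covered edge, keep the smallest seed that exercises it) beside a greedy set-cover variant, both run over a constructed corpus. In real use the per-seed edge sets would come from afl-showmap (run with -Q against a binary under QEMU mode); the seed names, sizes and edge IDs below are made up for the example and are assumptions, not data from the post.

```python
"""Coverage-based corpus distillation in the spirit of afl-cmin.

Each seed maps to (file size in bytes, set of edge IDs). The edge IDs stand
in for AFL bitmap tuples; the whole corpus below is constructed for this
example so it runs offline.
"""
from typing import Dict, Iterable, List, Set, Tuple

Corpus = Dict[str, Tuple[int, Set[int]]]

# Constructed coverage data (assumed, not real traces).
CORPUS: Corpus = {
    "seed_a.bin": (120, {1, 2, 3}),
    "seed_b.bin": (80, {1, 2}),
    "seed_c.bin": (300, {1, 2, 3, 4, 5}),
    "seed_d.bin": (50, {4}),
    "seed_e.bin": (200, {6}),
    "seed_f.bin": (90, {2, 3}),
}


def coverage_of(corpus: Corpus, names: Iterable[str]) -> Set[int]:
    """Union of the edges exercised by the given seeds."""
    covered: Set[int] = set()
    for name in names:
        covered |= corpus[name][1]
    return covered


def cmin_distill(corpus: Corpus) -> List[str]:
    """afl-cmin style: for every edge, keep the smallest seed that hits it.

    Cheap and biased towards small inputs (good for mutation throughput),
    but the result is not minimal in number of files.
    """
    by_size = sorted(corpus, key=lambda n: (corpus[n][0], n))
    keep: List[str] = []
    for edge in sorted(coverage_of(corpus, corpus)):
        for name in by_size:  # first hit is the smallest seed covering it
            if edge in corpus[name][1]:
                if name not in keep:
                    keep.append(name)
                break
    return sorted(keep)


def greedy_distill(corpus: Corpus) -> List[str]:
    """Greedy set cover: repeatedly take the seed adding the most unseen edges.

    Ties are broken by smaller size, then by name, so the output is stable.
    Keeps far fewer seeds when a few inputs dominate coverage.
    """
    uncovered = coverage_of(corpus, corpus)
    keep: List[str] = []
    while uncovered:
        best = max(
            sorted(corpus),
            key=lambda n: (len(corpus[n][1] & uncovered), -corpus[n][0]),
        )
        keep.append(best)
        uncovered -= corpus[best][1]
    return keep


if __name__ == "__main__":
    full = coverage_of(CORPUS, CORPUS)
    for label, picked in (("afl-cmin style", cmin_distill(CORPUS)),
                          ("greedy set cover", greedy_distill(CORPUS))):
        assert coverage_of(CORPUS, picked) == full
        print(f"{label}: kept {len(picked)} of {len(CORPUS)} seeds -> {picked}")
```

On the constructed corpus the afl-cmin heuristic keeps five of the six seeds while the greedy variant keeps two; both reach the same six edges. The difference is the point: afl-cmin optimizes for small inputs rather than for the smallest set, and neither strategy helps unless a large, diverse corpus exists to distill from, which is exactly the limitation the text notes.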