In case you missed it, this is a very cool series about fuzzing and LibAFL by @epi
Fuzzing Xpdf: https://epi052.gitlab.io/notes-to-self/blog/2021-11-01-fuzzing-101-with-libafl/
Speed Improvements: https://epi052.gitlab.io/notes-to-self/blog/2021-11-07-fuzzing-101-with-libafl-part-1.5/
Fuzzing libexif: https://epi052.gitlab.io/notes-to-self/blog/2021-11-07-fuzzing-101-with-libafl-part-2/
Fuzzing tcpdump: https://epi052.gitlab.io/notes-to-self/blog/2021-11-20-fuzzing-101-with-libafl-part-3/
Fuzzing LibTIFF: https://epi052.gitlab.io/notes-to-self/blog/2021-11-26-fuzzing-101-with-libafl-part-4/
Fuzzing LibXML2: https://epi052.gitlab.io/notes-to-self/blog/2022-01-17-fuzzing-101-with-libafl-part-5/
#fuzzing #libafl #infosec #learning #cybersecurity
LibAFL 0.9.0 is out with a new logo 🔥
Highlights:
→ QEMU user-mode and system-mode snapshot fuzzing
→ Stable CorpusId when removing/updating entries in Corpus
→ Tinyinst binary-only instrumentation
→ Full support for AFL++ binaries with forkserver
...
Just played a bit with Atheris. Looks very familiar, because I used libFuzzer a lot before. #casr was as always helpful (400+ crashes narrowed down to 8 clusters). Some details of my experiments can be found here: https://github.com/ispras/oss-sydr-fuzz/wiki/Fuzzing-ruamel-yaml-(Python)-project-with--sydr-fuzz-(Atheris-backend)
P.S. Do we have something similar to Atheris but based on @aflplusplus or #libafl?
#fuzzing #python
#casr #libafl #fuzzing #python
Just found out #LibAFL launcher can print output of child processes if you set the LIBAFL_DEBUG_OUTPUT=1 env variable.
I knew this some time in the past, but forgot...
Cool series about fuzzing and LibAFL (credits @epi)
1: https://epi052.gitlab.io/notes-to-self/blog/2021-11-01-fuzzing-101-with-libafl/
1.5: https://epi052.gitlab.io/notes-to-self/blog/2021-11-07-fuzzing-101-with-libafl-part-1.5/
2: https://epi052.gitlab.io/notes-to-self/blog/2021-11-07-fuzzing-101-with-libafl-part-2/
3: https://epi052.gitlab.io/notes-to-self/blog/2021-11-20-fuzzing-101-with-libafl-part-3/
4: https://epi052.gitlab.io/notes-to-self/blog/2021-11-26-fuzzing-101-with-libafl-part-4/
5: https://epi052.gitlab.io/notes-to-self/blog/2022-01-17-fuzzing-101-with-libafl-part-5/
#fuzzing #libafl #infosec #learning
WRT #libfuzzer deprecation: the official alternative uses out-of-process fuzzing, which means the fuzzer doesn't run in the same process as the target.
This is what afl does, as well. It turns out that this doesn't scale well, thanks to IPC overhead and context switches for _every single_ testcase (of which you can reach millions per second).
We spent years creating good in-process fuzzing with #LibAFL, trying to match the success of libfuzzer, and it's sad to see the OG in-process fuzzer get deprecated in favour of an (IMHO) technically inferior alternative.
This may be a good engineering choice if you don't care about CPU cost and have an almost infinite amount of CPUs to spare.
The number of companies worldwide that have a virtually infinite amount of CPU cores to spare for #fuzzing is low.
There are multiple ways to bring fuzzing to the masses, but this is not the one I would pick.
The deprecation of #libfuzzer is a great time to recompile your fuzzing testcases with AFL++'s afl-cc (supports the same testcases!)
and switch your future fuzzer developments to #LibAFL
#libfuzzer #libafl #fuzzing #fuzzingtips
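To make the in-process vs. out-of-process distinction from the thread above concrete, here is an added example (my own code, not from the thread or from the LibAFL/AFL++ projects): a libFuzzer-style harness around a toy, constructed record format. `LLVMFuzzerTestOneInput` is the in-process entry point that libFuzzer calls once per test case without leaving the fuzzer's process, and it is the same symbol AFL++'s `afl-clang-fast -fsanitize=fuzzer` links against its own driver, which is why the "recompile with afl-cc" advice works without touching the harness. The fallback `main()` shows the out-of-process shape, where a driver such as afl-fuzz in its plain (non-persistent) mode executes the binary once per input file and pays the IPC and context-switch cost the thread describes. The record format, its limits and the sample inputs are all constructed for this example.

```c
/* Added example, not code from any of the posts above: a libFuzzer-style
 * in-process harness around a toy, constructed record format. The entry
 * point LLVMFuzzerTestOneInput is called once per test case inside the
 * fuzzer's own process; the fallback main() below is the out-of-process
 * shape, where a driver like afl-fuzz execs the program once per input file. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAYLOAD 64

/* Toy format (constructed for this example): repeated records of
 *   tag (1 byte, non-zero) | len (1 byte, <= MAX_PAYLOAD) | payload (len bytes)
 * Returns the number of records parsed, or -1 on malformed input.
 * Every read is bounds-checked against `size`, so a fuzzer should only
 * ever reach the -1 path, never an out-of-bounds access. */
int parse_records(const uint8_t *data, size_t size) {
    size_t pos = 0;
    int count = 0;
    uint8_t payload[MAX_PAYLOAD];

    while (pos < size) {
        if (size - pos < 2) return -1;          /* truncated header */
        uint8_t tag = data[pos];
        uint8_t len = data[pos + 1];
        pos += 2;
        if (tag == 0) return -1;                /* tag 0 is reserved */
        if (len > MAX_PAYLOAD) return -1;       /* would overrun payload[] */
        if (size - pos < len) return -1;        /* truncated payload */
        memcpy(payload, data + pos, len);
        pos += len;
        count++;
    }
    return count;
}

/* Constructed inputs used to exercise the parser without any fuzzer. */
const uint8_t SAMPLE_TWO_RECORDS[] = { 0x01, 0x03, 'a', 'b', 'c', 0x02, 0x00 };
const uint8_t SAMPLE_TRUNCATED[]   = { 0x01, 0x03, 'a', 'b' };
const uint8_t SAMPLE_BAD_TAG[]     = { 0x00, 0x01, 'x' };

/* libFuzzer entry point. AFL++'s afl-clang-fast -fsanitize=fuzzer links
 * this same symbol against its own driver, so the harness needs no change. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)parse_records(data, size);
    return 0;   /* libFuzzer reserves non-zero return values */
}

/* Out-of-process shape: one input file per process, as afl-fuzz does when
 * it runs a plain (non-persistent) binary. Not used when a fuzzer links in. */
int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 1;
    }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror("fopen"); return 1; }
    uint8_t *buf = NULL;
    size_t len = 0, cap = 0;
    for (;;) {
        if (len == cap) {
            cap = cap ? cap * 2 : 4096;
            uint8_t *nb = realloc(buf, cap);
            if (!nb) { free(buf); fclose(f); return 1; }
            buf = nb;
        }
        size_t n = fread(buf + len, 1, cap - len, f);
        if (n == 0) break;
        len += n;
    }
    fclose(f);
    printf("records: %d\n", parse_records(buf, len));
    free(buf);
    return 0;
}
```

Built with `clang -fsanitize=fuzzer,address` the libFuzzer driver supplies `main` and drives `LLVMFuzzerTestOneInput` in-process; built with `afl-clang-fast -fsanitize=fuzzer` the same source gets AFL++'s driver instead; built with a plain compiler it becomes a one-input-per-run binary of the kind an out-of-process fuzzer execs.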
For binary-only emulation in #LibAFL qemu, you can now dump DrCov traces to see in #idapro (lighthouse), #binaryninja (bncov), or #ghidra (dragondance) which paths the executions took.
This helps you understand where your fuzzer gets stuck, develop the harness further, and reach greater depth in the binary, eventually.
Binary-only modes of #AFLplusplus ( #qemu / #frida ) and libafl_frida also support DrCov output, already.
#fuzzing #fuzzingTips
https://github.com/AFLplusplus/LibAFL/pull/878
#libafl #idapro #binaryninja #ghidra #aflplusplus #qemu #frida #fuzzing #fuzzingtips
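As an added example of what those DrCov traces contain (my own code, not from the post above or from the LibAFL/AFL++ projects), here is a minimal reader for the DrCov v2 layout that tallies hit basic blocks per module, which is the first thing you want when working out where a fuzzer gets stuck. The layout it assumes is a text header (`DRCOV VERSION: 2`, a flavor line, `Module Table: version N, count M`, a `Columns:` line, M module lines, `BB Table: K bbs`) followed by K little-endian 8-byte entries of `{u32 start, u16 size, u16 mod_id}`; `DRCOV_MAX_MODULES`, the function names and the embedded sample trace (module paths and addresses included) are constructed for this example.

```c
/* Added example, not code from any post above: a minimal reader for the
 * DrCov v2 layout emitted by libafl_qemu, libafl_frida and AFL++'s QEMU/FRIDA
 * modes, counting hit basic blocks per module. Assumed layout: text header
 * ("DRCOV VERSION: 2", flavor, "Module Table: version N, count M", a
 * "Columns:" line, M module lines, "BB Table: K bbs") followed by K
 * little-endian 8-byte entries {u32 start, u16 size, u16 mod_id}. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DRCOV_MAX_MODULES 64   /* assumed cap for this example */

/* Walk the text header. On success returns the offset of the first binary
 * entry and fills in the declared block and module counts; -1 if malformed. */
static long drcov_header_end(const uint8_t *buf, size_t len,
                             unsigned *nbbs, unsigned *nmods) {
    const char magic[] = "DRCOV VERSION: 2\n";
    size_t pos = 0;
    *nbbs = 0; *nmods = 0;
    if (len < sizeof magic - 1 || memcmp(buf, magic, sizeof magic - 1) != 0) return -1;
    while (pos < len) {
        const uint8_t *nl = memchr(buf + pos, '\n', len - pos);
        if (!nl) return -1;                          /* header never closed */
        size_t linelen = (size_t)(nl - (buf + pos));
        char line[512];
        if (linelen >= sizeof line) return -1;
        memcpy(line, buf + pos, linelen);
        line[linelen] = '\0';
        pos += linelen + 1;
        if (sscanf(line, "Module Table: version %*u, count %u", nmods) == 1) continue;
        if (sscanf(line, "BB Table: %u bbs", nbbs) == 1) return (long)pos;
    }
    return -1;
}

/* Count entries per module. Returns the number of entries, or -1 when the
 * header is bad, the table is truncated, or a mod_id is out of range. */
long drcov_count_per_module(const uint8_t *buf, size_t len,
                            unsigned per_module[DRCOV_MAX_MODULES]) {
    unsigned nbbs, nmods;
    long off = drcov_header_end(buf, len, &nbbs, &nmods);
    if (off < 0 || nmods > DRCOV_MAX_MODULES) return -1;
    if (len - (size_t)off < (size_t)nbbs * 8) return -1;    /* truncated table */
    memset(per_module, 0, DRCOV_MAX_MODULES * sizeof per_module[0]);
    for (unsigned i = 0; i < nbbs; i++) {
        const uint8_t *e = buf + off + (size_t)i * 8;
        /* e[0..3] = start, e[4..5] = size, e[6..7] = mod_id (little-endian) */
        uint16_t mod_id = (uint16_t)(e[6] | (e[7] << 8));
        if (mod_id >= nmods) return -1;              /* dangling module reference */
        per_module[mod_id]++;
    }
    return (long)nbbs;
}

/* Convenience wrapper: hits for one module, or -1 on malformed input. */
long drcov_module_hits(const uint8_t *buf, size_t len, unsigned mod_id) {
    unsigned pm[DRCOV_MAX_MODULES];
    if (mod_id >= DRCOV_MAX_MODULES || drcov_count_per_module(buf, len, pm) < 0) return -1;
    return pm[mod_id];
}

/* Constructed sample trace: two modules, three blocks (two in module 0,
 * one in module 1). Paths and addresses are made up for this example. */
const char SAMPLE_DRCOV[] =
    "DRCOV VERSION: 2\n"
    "DRCOV FLAVOR: libafl\n"
    "Module Table: version 2, count 2\n"
    "Columns: id, base, end, entry, checksum, timestamp, path\n"
    "  0, 0x0000000000400000, 0x0000000000500000, 0x0000000000401000, 0x00000000, 0x00000000, /tmp/target\n"
    "  1, 0x00007f0000000000, 0x00007f0000100000, 0x00007f0000001000, 0x00000000, 0x00000000, /lib/libc.so.6\n"
    "BB Table: 3 bbs\n"
    "\x10\x12\x00\x00\x08\x00\x00\x00"   /* module 0, offset 0x1210, size 8  */
    "\x40\x12\x00\x00\x0c\x00\x00\x00"   /* module 0, offset 0x1240, size 12 */
    "\x00\x20\x00\x00\x05\x00\x01\x00";  /* module 1, offset 0x2000, size 5  */
#define SAMPLE_DRCOV_LEN (sizeof SAMPLE_DRCOV - 1)

/* Stand-alone use: <prog> <trace.log>; prints hit counts per module. */
int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s <drcov-file>\n", argv[0]); return 1; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror("fopen"); return 1; }
    fseek(f, 0, SEEK_END); long sz = ftell(f); rewind(f);
    uint8_t *buf = sz > 0 ? malloc((size_t)sz) : NULL;
    if (!buf || fread(buf, 1, (size_t)sz, f) != (size_t)sz) { free(buf); fclose(f); return 1; }
    fclose(f);
    unsigned pm[DRCOV_MAX_MODULES];
    long total = drcov_count_per_module(buf, (size_t)sz, pm);
    if (total < 0) { fprintf(stderr, "malformed drcov file\n"); free(buf); return 1; }
    for (unsigned i = 0; i < DRCOV_MAX_MODULES; i++)
        if (pm[i]) printf("module %u: %u blocks\n", i, pm[i]);
    printf("total: %ld\n", total);
    free(buf);
    return 0;
}
```

The per-module tally is the quick sanity check before opening a trace in lighthouse, bncov or dragondance: a trace where nearly every block lands in libc rather than the target module usually means the harness never gets past input setup, and a count of zero for the target means the instrumented range or module filter is wrong.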
I just read #libafl paper. I'm so excited! @andreafioraldi @dmnk @aflplusplus @thc It's awesome! I also have already played with baby_fuzzers, so nice:)).
I definitely need to go deeper and build my own fuzzer! Also, I'm thinking about opportunities in integration #libafl with #casr (https://github.com/ispras/casr).
Finally you can do proper JavaScript engine #fuzzing with the latest #LibAFL again.
https://github.com/andreafioraldi/libafl_quickjs_fuzzing/pull/1
Andrea presented our #LibAFL paper today at #acm_ccs 🎉
https://www.eurecom.fr/en/publication/6973
Prometheus Integration for #LibAFL fuzzer just landed, cool contribution
@aflplusplus #fuzzing
https://github.com/AFLplusplus/LibAFL/pull/875
It feels kinda weird, may delete later, but since it seems to be all the rage, here's my #introduction
Hi, I'm Dominik 🙃
I had always worked for product security teams on the side (WiFi SoHo routers, Smartcard readers, random software, ..) during uni/PhD, but finally quit #academia completely a few months ago.
Now I'm doing #cellular and other #connectivity security, trying to improve archaic low level protocols and implementations in #phones 😬.
Before that, I did a lot of #fuzzing (still do) and co-authored a bunch of papers I personally like, about #snapshot and #network fuzzing (FitM), #binary-only baseband fuzzing (FirmWire), Nvidia #driver fuzzing (BSOD) and many more.
Also, stumbled into @aflplusplus, the team maintaining #AFL++ and the fuzzing library #LibAFL we wrote in #rust (https://github.com/AFLplusplus/LibAFL) that currently dominates benchmarks! Enjoying this a lot :)
Apart from that, I travel, play games, organize CTFs, and just do whatever activities friends spontaneously throw at me
#introduction #academia #cellular #connectivity #phones #fuzzing #snapshot #network #binary #driver #afl #libafl #rust
Check out #LibAFL, the advanced fuzzing library.
It's written in #Rust and lets you build all kinds of state-of-the-art fuzzers.
It offers binary-only and source-based instrumentations, runs almost everywhere (Windows, Linux, Android, Mac, no_std, ..) and scales linearly across cores and machines.
We got some insanely cool things in stock, like libafl_qemu, a fast binary-only instrumentation with snapshot fuzzing and custom hooks, and so much more.
GET YOUR OPEN SOURCE COPY TODAY