Duration 9:12

Found a Crash Through Fuzzing Minimize AFL Testcases | Ep. 05

24 454 watched
Published 25 Jun 2021

One fuzzer found a crash. Now we need to investigate if it's a 0day or if we found the known bug. To do that we first minimize the testcase, and then perform various tests and sanity checks.

Long version with Q&A: /watch/M1-g5MYbSDubg
Grab the files: https://github.com/LiveOverflow/pwnedit/tree/main/episode05
The whole playlist: /playlist/PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Article version: https://liveoverflow.com/minimizing-afl-testcases-sudo5/
gef for gdb: https://github.com/hugsy/gef

Episode 05:
00:00 - Recap of Fuzzing Experiment: afl vs afl++
00:44 - We found a crash!
01:45 - First Look at the Crash Testcase
02:57 - Looking at Crash in GDB
04:06 - Is it a 0day or the Known Bug?
05:28 - Minimizing AFL Testcase
07:16 - Looking at Minimized Testcase
08:23 - Next Steps

-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: /channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
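The minimization step the description mentions, as an added example that is not code from the video or its repository: a ddmin-style reducer that keeps deleting chunks of the crashing input as long as a crash oracle still reports a crash (the same idea afl-tmin implements), followed by the basic checks worth running on the result before reasoning about whether it is a new bug. The crash_oracle here is a constructed stand-in for running the real target under a debugger; the sample input is constructed too.

```python
import math
from typing import Callable, Dict

# Constructed crash oracle standing in for "run the target, see if it aborts".
# Hypothetical bug: it only triggers when b"CR" appears somewhere before b"ASH".
def crash_oracle(data: bytes) -> bool:
    i = data.find(b"CR")
    return i != -1 and data.find(b"ASH", i + 2) != -1

def minimize(data: bytes, crashes: Callable[[bytes], bool]) -> bytes:
    """ddmin-style reduction: split the input into n chunks and drop one chunk
    at a time while the crash still reproduces; refine n when nothing can be
    dropped. The result is 1-minimal: removing any single byte stops the crash."""
    if not crashes(data):
        raise ValueError("initial testcase does not reproduce the crash")
    n = 2  # number of chunks the input is currently split into
    while len(data) >= 2:
        chunk = math.ceil(len(data) / n)
        reduced = False
        for i in range(n):
            start = i * chunk
            if start >= len(data):
                break  # remaining chunks would be empty
            candidate = data[:start] + data[start + chunk:]
            if crashes(candidate):
                # Keep the smaller input; relax granularity a little and retry.
                data, n, reduced = candidate, max(n - 1, 2), True
                break
        if not reduced:
            if n >= len(data):
                break  # every single byte was tried; nothing more to drop
            n = min(n * 2, len(data))
    return data

def sanity_check(original: bytes, minimized: bytes,
                 crashes: Callable[[bytes], bool]) -> Dict[str, bool]:
    """Checks to run on a minimized testcase: it still crashes, it actually got
    smaller, and no single byte can be removed without losing the crash."""
    one_minimal = all(not crashes(minimized[:k] + minimized[k + 1:])
                      for k in range(len(minimized)))
    return {"still_crashes": crashes(minimized),
            "shrunk": len(minimized) < len(original),
            "one_minimal": one_minimal}

SAMPLE = b"AAAAAAAAAACRzzzzASHBBBBBB"  # constructed crashing testcase

if __name__ == "__main__":
    small = minimize(SAMPLE, crash_oracle)
    print(small, sanity_check(SAMPLE, small, crash_oracle))
```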

Comments - 46
  • @LiveOverflow (3 years ago): Here is a longer version where I talk more broadly about this video. If you have any questions, maybe it's answered in there: ..
  • @dbanopsec4255 (2 years ago): I feel like a child on Christmas, just got bored of exploiting then remembered I need to learn this and well ima be up all night.
  • @raunaksinghjolly8334 (3 years ago): I don't understand anything you say but still watch all your videos lol.
  • @JerryThings (3 years ago): Come on don't leave us like this, the best part just started :D
  • @kissinger2867 (3 years ago): Awesome experiments and amazing explanation.
  • @gameglitcher (3 years ago): Isn't there a character you can put in ASCII that represents essentially? Sudoedit?
  • @userou-ig1ze (3 years ago): Sweet progress tastes sweet. Let's see if it's real or just our hallucination.
  • @mal-nr3ym (3 years ago): Total guess but is the abort signal behaving differently from a segfault and messing up the minimisers?
  • @thesamixz3383 (3 years ago): Thanks, LiveOverflow! Can you do a new video about return oriented programming?
  • @abdellatifdev3218 (3 years ago): I believe sudo -e works the same as sudoedit.
  • @Saimon404 (3 years ago): Can you upload a video? Python source code protect compiled!
  • @xcruell (3 years ago): My name is gef
    sorry couldn't resist.
  • @georgehammond867 (3 years ago): If this was a Google bug, you would get 150.0 euros.