#LibFuzzer

2024-07-05

How to make DynamoRIO and LibFuzzer work together

Greetings to all Habr inhabitants and random guests! With this article I would like to start a series of notes devoted to my academic research at university, which is related to fuzz testing. So far I have been working on this topic for two semesters. During that time I have had to turn to internet resources many times looking for information on working with DynamoRIO. Unfortunately, I came across very few decent resources. So I decided to make life easier for others interested in this topic and toolset, and put together this article. I hope it will be useful to somebody ;-)

habr.com/ru/articles/826932/

#фаззинг #фаззингтестирование #dynamorio #libfuzzer #ассемблер #динамический_анализ #динамическая_инструментация #динамический_анализ_кода #криптография #инструментация

libFuzzer-based fuzzing engines for programming languages

https://github.com/ligurio/sqa-wiki/wiki/libfuzzer-ecosystem

#fuzzing #libfuzzer

Advanced Fuzzing League (aflplusplus@infosec.exchange)
2023-08-31

We released #LibAFL 0.11 (and 0.11.1 with a doc fix).

Highlights:

  • libafl_libfuzzer: a full #LibFuzzer replacement
  • libafl_bolts: low-level building blocks for #rust
  • libafl_qemu: hooks and fuzzing in #QEMU 8, #Hexagon support, ..
  • Updated #FRIDA
  • ...

github.com/AFLplusplus/LibAFL/

Have fun #fuzzing

2023-04-07

casr-libfuzzer: triage crashes in C/C++/Go/Python code found by libFuzzer/Atheris/go-fuzz

casr-libfuzzer -o out -- /fuzz_target

github.com/ispras/casr

#casr #fuzzing #libfuzzer #atheris #go #python #cpp

The Heisenbug organizers have published the video of my talk on implementing fuzzing support for Lua scripts, in order to test the application server in the Tarantool DBMS.

https://youtu.be/TRNifH9N5zM

#libfuzzer #afl #lua #tarantool

2023-02-15

@anfedotoff @aflplusplus Very cool!
I had the same realization and created a multi-fuzzer utility for Rust at work (@srlabs), using #AFLplusplus #honggfuzz and #libfuzzer in parallel.

github.com/srlabs/ziggy

Sergey Bronnikov (sergeyb@bsd.network)
2023-02-13

Finally published a coverage-guided, native Lua fuzzing engine. I'll do some polishing before a first release, but it's ready for use now.

Some highlights: usage is quite similar to libFuzzer - define a fuzzing target and pass it to a function Fuzz; a custom mutator can be defined as a Lua function; structure-aware inputs can be constructed using Fuzzing Data Provider (the same way as in libFuzzer). Moreover, I added code for building custom mutators in Lua for libFuzzer-based targets. Enjoy!

Would be nice to hear feedback!

github.com/ligurio/luzer

#fuzzing #luzer #libfuzzer #lua

2023-01-26

The solution I found is pretty simple:
1. Fuzz your #Go project with #libFuzzer (go-fuzz-build -libfuzzer)
2. Collect coverage using go-fuzz -dumpcover with the corpus from step 1
3. Use this trick: sed -i '/0.0,1.1/d' coverprofile
4. Create the HTML report: go tool cover -html=coverprofile
5. Enjoy
#fuzzing
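The procedure from the post above, put together as a script. This is an added example, not code from the post's author: the coverprofile filter is the post's step 3 (with the dots in the sed pattern escaped, which the original one-liner did not do), while the `fuzz_coverage_report` pipeline function and the go-fuzz/go-fuzz-build flags beyond those named in the post (`-o`, `-bin`, `-workdir`, `-procs`, the `clang -fsanitize=fuzzer` link step) are my assumptions about the tool's CLI. The sample coverprofile is constructed so that the filter can be exercised without any Go toolchain installed; the full pipeline is only run when the script is invoked with `run`.

```shell
#!/bin/sh
# Added example: go-fuzz (-libfuzzer) coverage -> HTML report pipeline.
# Assumes: a go-fuzz style package with Fuzz(data []byte) int, and
# go-fuzz, go-fuzz-build, clang and go on PATH (only for `run`).
set -eu

# Step 3 of the post: drop the bogus "0.0,1.1" blocks that make
# `go tool cover -html` choke. Dots are escaped (the post's pattern
# '/0.0,1.1/d' would also match e.g. "0x0,1y1"). Writes to a new file
# instead of sed -i so the raw dump is kept for inspection.
clean_coverprofile() {
    in="$1"; out="$2"
    sed '/0\.0,1\.1/d' "$in" > "$out"
}

# Number of lines in a file (used to check the filter's effect).
count_lines() {
    wc -l < "$1" | tr -d ' '
}

# Constructed sample in `go tool cover` profile syntax
# (file:startline.col,endline.col numstmts count). Not real output;
# the second block is the kind of line step 3 removes.
sample_coverprofile() {
    printf '%s\n' \
        'mode: set' \
        'pkg/parse.go:10.2,12.3 2 1' \
        'pkg/parse.go:0.0,1.1 0 0' \
        'pkg/parse.go:14.5,16.2 1 0' > "$1"
}

# Steps 1-4. Flags other than -libfuzzer/-dumpcover are assumptions
# about the go-fuzz CLI; check them against your installed version.
fuzz_coverage_report() {
    pkg="$1"; workdir="$2"; secs="${3:-60}"
    mkdir -p "$workdir/corpus"
    # 1. libFuzzer-style build and a short campaign; the libFuzzer
    #    corpus is written straight into the go-fuzz workdir.
    go-fuzz-build -libfuzzer -o "$workdir/fuzzer.a" "$pkg"
    clang -fsanitize=fuzzer "$workdir/fuzzer.a" -o "$workdir/fuzzer"
    "$workdir/fuzzer" -max_total_time="$secs" "$workdir/corpus"
    # 2. go-fuzz replays that corpus and dumps workdir/coverprofile.
    go-fuzz-build -o "$workdir/fuzz.zip" "$pkg"
    go-fuzz -bin="$workdir/fuzz.zip" -workdir="$workdir" -procs=1 -dumpcover
    # 3. + 4. filter and render.
    clean_coverprofile "$workdir/coverprofile" "$workdir/coverprofile.clean"
    go tool cover -html="$workdir/coverprofile.clean" -o "$workdir/cover.html"
    echo "$workdir/cover.html"
}

if [ "${1:-}" = "run" ]; then
    fuzz_coverage_report "$2" "${3:-./fuzz-work}" "${4:-60}"
fi
```

Usage: `sh fuzzcov.sh run ./path/to/pkg ./fuzz-work 120` produces `./fuzz-work/cover.html`. Keeping the raw `coverprofile` alongside the cleaned copy lets you diff the two to see exactly which blocks the filter dropped.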

2023-01-23

Does anyone know a convenient approach to get an HTML code coverage report after fuzzing a #go project with #libFuzzer (go-fuzz)?
I found this project: github.com/confluentinc/bincov
Looks good, but maybe we have something more?
#fuzzing

domenuk (dmnk@infosec.exchange)
2022-12-19

WRT #libfuzzer deprecation: the official alternative uses out-of-process fuzzing, which means the fuzzer doesn't run in the same process as the target.

This is what the original #AFL fuzzer does, as well.

It turns out that this doesn't scale well, thanks to IPC overhead and context switches for *every single* testcase (of which you can reach millions per second).*

We spent years creating good in-process fuzzing with #LibAFL, trying to match the success of libfuzzer, and it's sad to see the OG in-process fuzzer get deprecated in favour of an (IMHO) technically inferior alternative.

This may be a good engineering choice if you don't care about CPU cost and have an almost infinite amount of CPUs to spare.

The number of companies worldwide that have a virtually infinite amount of CPU cores to spare for #fuzzing is low.

There are multiple ways to bring fuzzing to the masses, but this is not the one I would pick.

*the one reason where out-of-process fuzzing is favorable is for crashing targets. Instead of slowly restoring your state, you can simply respawn the target. However, most fuzzing campaigns are over when crashes are found.

Advanced Fuzzing League (aflplusplus@infosec.exchange)
2022-12-19

The deprecation of #libfuzzer is a great time to recompile your fuzzing testcases with AFL++'s afl-cc (supports the same testcases!)
and switch your future fuzzer developments to #LibAFL

llvm.org/docs/LibFuzzer.html#s

#fuzzing #fuzzingTips

Screenshot: "The original authors of libFuzzer have stopped active work on it"

2022-11-23

I have a YouTube channel where I talk about fuzzing, please like subscribe and share:
youtube.com/@MrHardik05

#fuzzing #vulnerability #afl #AFLplusplus #libfuzzer #winafl #jackalope #honggfuzz

2022-11-12

Let’s replicate latest #OpenSSL vulnerabilities with the provided test cases and then find one using #libfuzzer #video #spookyssl

youtu.be/vhTuXph1dtY

2020-03-05

Google launches FuzzBench service to benchmark fuzzing tools - Google has announced FuzzBench, a free service “for painlessly evaluating fuzzers in a reproducibl... more: nakedsecurity.sophos.com/2020/ #securitythreats #fuzzbench #honggfuzz #libfuzzer #eclipser #oss-fuzz #fuzzers #fuzzing #google #qsym #afl
