Duration 9:12

Found a Crash Through Fuzzing Minimize AFL Testcases | Ep. 05

By LiveOverflow
24,447 views
Published on 2021/06/25

One fuzzer found a crash. Now we need to investigate if it's a 0day or if we found the known bug. To do that we first minimize the testcase, and then perform various tests and sanity checks.

Long version with Q&A: /watch/M1-g5MYbSDubg
Grab the files: https://github.com/LiveOverflow/pwnedit/tree/main/episode05
The whole playlist: /playlist/PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Article version: https://liveoverflow.com/minimizing-afl-testcases-sudo5/
gef for gdb: https://github.com/hugsy/gef

Episode 05:
00:00 - Recap of Fuzzing Experiment: afl vs afl++
00:44 - We found a crash!
01:45 - First Look at the Crash Testcase
02:57 - Looking at Crash in GDB
04:06 - Is it a 0day or the Known Bug?
05:28 - Minimizing AFL Testcase
07:16 - Looking at Minimized Testcase
08:23 - Next Steps

-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: /channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
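The minimization step in the description works by repeatedly cutting pieces out of the crashing input and keeping a cut only if the crash still reproduces, until no single byte can be removed. The following is an added example, not code from the episode, from sudo or from AFL: a delta-debugging (ddmin) reducer driven by a constructed toy crash oracle, so it runs offline and shows why the minimized testcase is what you compare against the known bug.

```python
# Added example: a ddmin-style testcase reducer with a constructed toy target.
# Neither the target nor the reducer is from the video, sudo or AFL.
from typing import Callable


class ToyOverflow(Exception):
    """Stands in for the SIGSEGV/SIGABRT a real target would die with."""


def toy_target(data: bytes) -> None:
    # Constructed stand-in for a fuzz target: parses "key=value" lines into an
    # 8-byte key buffer and "overflows" when a key does not fit. This is a toy,
    # not the sudo bug investigated in the episode.
    for line in data.split(b"\n"):
        key = line.split(b"=", 1)[0]
        if len(key) > 8:
            raise ToyOverflow(f"key of {len(key)} bytes exceeds 8-byte buffer")


def crashes(data: bytes, target: Callable[[bytes], None] = toy_target) -> bool:
    """Crash oracle: True when running the target on `data` reproduces the crash."""
    try:
        target(data)
    except ToyOverflow:
        return True
    return False


def ddmin(data: bytes, oracle: Callable[[bytes], bool]) -> bytes:
    """Zeller/Hildebrandt ddmin: return a 1-minimal input that still crashes."""
    assert oracle(data), "seed testcase must reproduce the crash first"
    n = 2  # number of chunks the current input is split into
    while len(data) >= 2:
        chunk = len(data) // n
        reduced = False
        for start in range(0, len(data), chunk):
            complement = data[:start] + data[start + chunk:]  # drop one chunk
            if oracle(complement):  # crash survives without this chunk: keep cut
                data, n, reduced = complement, max(n - 1, 2), True
                break
        if not reduced:
            if n >= len(data):
                break  # every single-byte removal was tried: nothing left to cut
            n = min(n * 2, len(data))  # cut finer
    return data


# Constructed "crash found by the fuzzer": junk wrapped around the real trigger.
CRASH_INPUT = (b"user=root\n" + b"\x00\xff" * 20 + b"\nhome_directory_path=/tmp\n"
               + b"AAAAAAAA=ok\nshell=/bin/sh\n" + b"B" * 30)

if __name__ == "__main__":
    minimal = ddmin(CRASH_INPUT, crashes)
    print(len(CRASH_INPUT), "->", len(minimal), "bytes:", minimal)
```

The reduced input is the shortest thing that still triggers the toy overflow (a 9-byte key), which is the kind of artifact you then compare with the known bug's trigger.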

Comments - 46
  • @LiveOverflow (3 years ago): Here is a longer version where I talk more broadly about this video. If you have any questions, maybe it's answered in there: .
  • @dbanopsec4255 (2 years ago): I feel like a child on Christmas, just got bored of exploiting then remembered I need to learn this and well ima be up all night
  • @raunaksinghjolly8334 (3 years ago): I don't understand anything you say but still watch all your videos lol
  • @JerryThings (3 years ago): Come on don't leave us like this, the best part just started :D
  • @kissinger2867 (3 years ago): Awesome experiments and amazing explanation.
  • @gameglitcher (3 years ago): Isn't there a character you can put in ASCII that represents 'backspace' essentially? sudo\0x08\0x08doedit = sudoedit?
  • @mind2hex598 (3 years ago): Nooo I can't wait for the next video :(
  • @userou-ig1ze (3 years ago): Sweet progress tastes sweet. Let's see if it's real or just our hallucination
  • @monsieuralexandergulbu3678 (3 years ago): So interesting and kinda mysterious ;)
  • @mal-nr3ym (3 years ago): Total guess but is the abort signal behaving differently from a segfault and messing up the minimisers?
  • @thesamixz3383 (3 years ago): Thanks! LiveOverflow! Can you do a new video about Return Oriented Programming?
  • @abdellatifdev3218 (3 years ago): I believe sudo -e works the same as sudoedit
  • @Saimon404 (3 years ago): Can you upload a video? Python source code protect compiled!
  • @xcruell (3 years ago): My name is GEF
    Sorry, couldn't resist
  • @georgehammond867 (3 years ago): If this was a Google bug... you would get 150,000 euros.