Channel: LiveOverflow

Category: Education

Tags: liveoverflowfuzzerguided fuzzingcrash analysisafl tutorialcrashesafl-tminlive overflowhacking tutorialpwneditcoursehacking classsudotutorialminimizingminimizerfuzzingcoursesaflsudoeditamerican fuzzy loptestcaseshow to hackexploit tutorialafl-pyminminimizationsecurity research

Description: One fuzzer found a crash. Now we need to investigate if it's a 0day or if we found the known bug. To do that we first minimize the testcase, and then perform various tests and sanity checks. Long version with Q&A: youtube.com/watch?v=uDSbYM5g-1M Grab the files: github.com/LiveOverflow/pwnedit/tree/main/episode05 The whole playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx Article version: liveoverflow.com/minimizing-afl-testcases-sudo5 gef for gdb: github.com/hugsy/gef Episode 05: 00:00 - Recap of Fuzzing Experiment: afl vs afl++ 00:44 - We found a crash! 01:45 - First Look at the Crash Testcase 02:57 - Looking at Crash in GDB 04:06 - Is it a 0day or the Known Bug? 05:28 - Minimizing AFL Testcase 07:16 - Looking at Minimized Testcase 08:23 - Next Steps -=[ ❤️ Support ]=- → per Video: patreon.com/join/liveoverflow → per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: twitter.com/LiveOverflow → Website: liveoverflow.com → Subreddit: reddit.com/r/LiveOverflow → Facebook: facebook.com/LiveOverflow