Channel: LiveOverflow
Category: Education
Tags: buffer overflow, fuzzer, liveoverflow, address sanitizer, bug bounty, guided fuzzing, crash analysis, afl tutorial, capture the flag, asan output, heap overflow, live overflow, hacking tutorial, crash triaging, debug output, hacking class, privilege escalation, triage, fuzzing, afl, american fuzzy lop, exploit tutorial, how to hack, addresssanitizer, asan, bug, security research, root cause
Description: Now that we found a crash and got a minimal testcase last episode, we can now try to find the true location of the overflow. ASan is an invaluable tool for that.

Fuzzing Project: fuzzing-project.org/tutorial2.html
Grab the files: github.com/LiveOverflow/pwnedit
Full Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx

Episode 06:
00:00 - Intro
00:47 - Create sudo ASan build
01:47 - Investigating weird issue
04:14 - Accidentally solving the problem
05:10 - Improve AddressSanitizer Debug Output
06:49 - Interpreting AddressSanitizer Output
07:23 - Triaging More Unique Crashes
08:25 - Plan For Next Steps