Fuzzing

  1. The Fuzzing Process
    1. Phase 1: Target Selection and Preparation
      1. Identifying Suitable Targets
        1. High-Risk Components
        2. Attack Surface Analysis
      2. Source Code vs. Binary-Only Targets
        1. Advantages and Challenges
        2. Tooling Differences
      3. Creating a Fuzz Harness
        1. Writing Minimal Test Wrappers
        2. Ensuring Determinism
      4. Environment Setup
        1. Isolated Test Environments
        2. Resource Constraints
    2. Phase 2: Configuration and Setup
      1. Choosing a Fuzzer
        1. Criteria for Selection
        2. Compatibility Considerations
      2. Compiling with Instrumentation
        1. Compiler Flags
        2. Supported Instrumentation Tools
      3. Creating an Initial Seed Corpus
        1. Gathering Real-World Inputs
        2. Generating Synthetic Seeds
      4. Configuration Parameters
        1. Timeout Settings
        2. Memory Limits
        3. CPU Allocation
    3. Phase 3: Execution
      1. Running the Fuzzing Campaign
        1. Command-Line Execution
        2. Automation and Scheduling
      2. Monitoring Progress and Statistics
        1. Crash Counts
        2. Coverage Metrics
        3. Execution Speed
      3. Scaling Fuzzing Efforts
        1. Parallelization
        2. Distributed Fuzzing
      4. Campaign Management
        1. Long-Running Campaigns
        2. Resource Optimization
    4. Phase 4: Triage and Analysis
      1. Collecting and Deduplicating Crashes
        1. Crash Hashing
        2. Filtering Duplicates
      2. Determining Exploitability
        1. Crash Severity Assessment
        2. Security Impact Analysis
      3. Root Cause Analysis
        1. Debugging Tools
        2. Reproducing Crashes
      4. Minimizing Test Cases
        1. Automated Reduction
        2. Manual Minimization
    5. Phase 5: Reporting and Remediation
      1. Documenting Findings
        1. Writing Clear Reports
        2. Including Reproduction Steps
      2. Submitting Bug Reports
        1. Responsible Disclosure
        2. Communication with Developers
      3. Regression Testing
        1. Verifying Fixes
        2. Preventing Recurrence