Introduction to Blackbox Fuzzing

Learn how to fuzz closed-source binaries easily.
📦 Source code, 📝 Cheatsheets & 🎞️ Videos

What you'll learn

This FREE course is an introduction to blackbox fuzzing. Over multiple videos, you will discover how to use AFL++ and other fuzzers to fuzz binaries when you cannot recompile or modify the source code.

More videos will come in the future, so don't forget to accept email communication to be notified when new videos arrive. If you want to make any proposal, please contact me using the website chatbox or by mail at fuzzinglabs@gmail.com.

1. Binary-only Fuzzing using AFL++ QEMU mode

In this really basic course, I will use AFL++ to fuzz an already compiled binary. I will first explain how AFL++ QEMU mode works and why it affects performance. Then, we will fuzz the pdfinfo binary and improve the coverage by adding more PDF files to the corpus.

2. Honggfuzz QEMU-mode & Hardware-based coverage

In this video, I will use both honggfuzz QEMU mode and honggfuzz hardware-based coverage to fuzz a compiled binary. I will explain how those modes work, fuzz the pdfinfo binary with QEMU mode, and then fuzz it with hardware-based coverage mechanisms.

3. AFL/AFL++ VS Honggfuzz, who is the best?

In this video, I'm discussing why AFL/AFL++ is better than Honggfuzz for blackbox fuzzing. We will go through some Google FuzzBench results and see which other AFL++ modes can be used for fuzzing binary-only targets.

4. Binary-only fuzzing using AFL++ FRIDA mode

In this video, I will use the new FRIDA mode of AFL++, which allows binary-only fuzzing using Frida for instrumentation. I will show how to install this new mode and quickly compare its performance against QEMU mode.

5. E9AFL - How to Fuzz Binaries w/o Recompilation using Static Binary Rewriting?

In this video, I will discover a new tool called e9afl. E9AFL allows us to insert the AFL instrumentation without recompilation via static binary rewriting. I will show you how to install this tool and how to use it. Finally, I will compare the results and performance against AFL++ QEMU mode.

6. How to generate millions of files using Grammar-based fuzzing (FormatFuzzer)

In this video, I'm testing a new grammar-based fuzzer named FormatFuzzer. This fuzzer leverages 010 Editor templates to generate valid or pseudo-valid files. The tool is really nice, easy to use, and allows you to create a corpus of millions of interesting files.

What's included?

1. Binary-only Fuzzing using AFL++ QEMU mode

    Video: Complete step-by-step tutorial
    Cheatsheet: All the commands for the tutorial (2 KB)
    blackbox_fuzzing_afl_plusplus.zip (118 MB)

2. Honggfuzz QEMU-mode & Hardware-based coverage

    Video: Complete step-by-step tutorial
    Cheatsheet: All the commands for the tutorial (1.68 KB)
    blackbox_fuzzing_honggfuzz_qemu.zip (61.1 MB)

3. AFL/AFL++ VS Honggfuzz, who is the best?

    Video

4. Binary-only fuzzing using AFL++ FRIDA mode

    Video: Complete step-by-step tutorial
    Cheatsheet: All the commands for the tutorial (1.93 KB)
    blackbox_fuzzing_frida_fuzz.zip (189 MB)

5. E9AFL - How to Fuzz Binaries w/o Recompilation using Static Binary Rewriting?

    Video: Complete step-by-step tutorial
    Cheatsheet: All the commands for the tutorial (2.32 KB)
    blackbox_fuzzing_e9afl_aflplusplus.zip (181 MB)

6. How to generate millions of files using Grammar-based fuzzing (FormatFuzzer)

    Video: Complete step-by-step tutorial
    Cheatsheet_formatfuzzer_testing.md (4.42 KB)
    formatfuzzer_testing.zip (21.7 MB)

Meet Your Instructor

Hey! 👋 My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.

You can read more about me by clicking here.
