Finding The .webp Vulnerability in 8s (Fuzzing with AFL++)

67.501 Lượt nghe

00:00

Update Required To play the media you will need to either update your browser to a recent version or update your Flash plugin.

Tải MP3

MÔ TẢ MP3TIẾP THEO

Finding The .webp Vulnerability in 8s (Fuzzing with AFL++)

A guide on how to do fuzzing with AFL++ in an attempt to rediscover the libwebp vulnerability CVE-2023-4863 that was used to hack iPhones.

Want to learn hacking? Signup to https://hextree.io (ad)
Buy my shitty font: https://shop.liveoverflow.com/ (ad)

Watch webp Part 1: https://www.youtube.com/watch?v=lAyhKaclsPM

Sudo Vulnerability Series: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Docker Video: https://www.youtube.com/watch?v=-YnMr1lj4Z8

OSS-Fuzz: https://github.com/google/oss-fuzz
OSS-Fuzz libwebp coverage: https://storage.googleapis.com/oss-fuzz-coverage/libwebp/reports/20230901/linux/src/libwebp/src/utils/report.html
AFLplusplus: https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/fuzzing_in_depth.md
vanhauser's blog: https://www.srlabs.de/blog-post/advanced-fuzzing-unmasks-elusive-vulnerabilities
vanhauser/thc on twitter: https://twitter.com/hackerschoice
AFLpluslus Persistent Mode: https://github.com/AFLplusplus/AFLplusplus/blob/0c054f520eda67b7bb15f95ca58c028e9b68131f/instrumentation/README.persistent_mode.md
Grab the code: https://github.com/LiveOverflow/webp-CVE-2023-4863

=[ ❤️ Support ]=

Find out how you can support LiveOverflow: https://liveoverflow.com/support/

=[ 🐕 Social ]=

→ 2nd Channel: https://www.youtube.com/LiveUnderflow
→ Twitter: https://twitter.com/LiveOverflow/
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok: https://www.tiktok.com/@liveoverflow_
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Chapters:
00:00 - Intro
00:36 - How to Learn About Fuzzing?
02:36 - Setting Up Fuzzing With AFL++
04:53 - My Docker Workflow for Fuzzing
06:35 - AFL++ Different Coverage Strategies
09:50 - Start the libwebp Fuzzing Campaign
11:58 - Adjusting the Fuzzer
13:45 - Why Don't We Find a Crash?
15:49 - Fuzzing with AFL++ Persistent Mode
19:47 - Persistent Mode Fuzzing Results
20:46 - Finding the Vulnerability in 8s					

Finding The .webp Vulnerability in 8s (Fuzzing with AFL++)

Nhạc Theo Chủ Đề

Liên kết website