Fuzzing with American Fuzzy Lop, Address Sanitizer and LibFuzzer
This workshop will give an introduction to bug finding techniques targeted at C/C++ code.
The participants will learn to use Address Sanitizer and other sanitizer features from gcc and clang under Linux. They will also get an introduction to the fuzzing tools American fuzzy lop and libfuzzer.
Address Sanitizer is a compiler feature that can find various memory corruption issues like buffer overflows and use after free errors.
American fuzzy lop and libfuzzer are instrumentation-based fuzzing tools that have uncovered a large number of bugs in the past.
Participants should bring a laptop that is either running a linux distribution with a current version of gcc (at least 4.9) or can run a virtual machine with such a system. (A virtual machine image can be provided if needed.) Participants should have at least a basic understanding of C coding and know how to compile applications under Linux.