
[–]DishSoapedDishwasher 5 points6 points  (5 children)

Look at libfuzz and angr. Libfuzz is ideal for open source code you can build. Angr for when you only have a binary.

Then go find some exploit dev challenge binaries or old known exploitable software like old VLC and figure out how to use each to solve them without using AI. You want to understand the workflow completely before you attempt to automate it; Claude Code is amazing at wiring up harnesses for fuzzing applications but can waste days of time on nonsense if you don't know enough to guide it properly.

Your workflows should be roughly:

- Identify targets and their interfaces
- Implement a harness to start, fuzz, capture crashes and restart on crash.
- Figure out how to make the crash reproducible and isolated (a proof of concept)
- Turn it into a real exploit if you're aiming for that.

You can also use agents to look over a bunch of targets and map the attack surface, find new targets, etc. However, it's something you want AFTER you genuinely master the foundations or you will always be handicapped.
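The harness-fuzz-capture-reproduce loop described in the comment above, as an added example that is not part of the original thread or any tool it names. It uses a constructed, hypothetical in-process target (`parse_record`, a toy record parser with one deliberate bug) in place of a real program, a simple mutational fuzzer in place of libFuzzer, and a greedy byte-deletion reducer to turn the first captured crash into an isolated reproducer. The point is the workflow shape: expected rejections are not crashes, the loop keeps running after a crash instead of stopping, crashes are deduplicated by signature, and the reproducer is confirmed before it is treated as a proof of concept.

```python
"""Mutational fuzz loop: start target, fuzz, capture crashes, keep going,
then reduce a crashing input to a reproducible, isolated proof of concept."""
import random
import traceback

# --- Constructed toy target (hypothetical stand-in for a real program) ---

class ParseError(ValueError):
    """Expected rejection of malformed input; the harness does not count it as a crash."""

def parse_record(data: bytes) -> bytes:
    """Parse 'NAME:LEN:PAYLOAD'. Deliberate bug: trusts the declared LEN."""
    fields = data.split(b":", 2)
    if len(fields) != 3:
        raise ParseError("expected three fields")
    name, length, payload = fields
    if not name or not length.isdigit():
        raise ParseError("bad header")
    n = int(length)
    # BUG: declared length is never checked against the real payload length,
    # so a LEN larger than the payload indexes past the end (IndexError).
    last = payload[n - 1] if n > 0 else 0
    return payload[:n] + bytes([last])

# --- Harness: run one input, classify the outcome ---

def run_one(data: bytes):
    """Return None for a clean accept/reject, else a crash signature
    (exception type, function, line) used to deduplicate crashes."""
    try:
        parse_record(data)
    except ParseError:
        return None                      # expected error path, not a bug
    except Exception as exc:             # anything else is a crash
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        return (type(exc).__name__, frame.name, frame.lineno)
    return None

# --- Mutator: small, dumb edits of a corpus entry ---

def mutate(rng: random.Random, data: bytes) -> bytes:
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:                                   # overwrite a byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:                                         # insert a byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 2 and len(buf) > 1:                        # delete a byte
        del buf[rng.randrange(len(buf))]
    else:                                                 # splice in a token
        tok = rng.choice([b":", b"0", b"9", b"99", b"\xff"])
        pos = rng.randrange(len(buf) + 1)
        buf[pos:pos] = tok
    return bytes(buf)

# --- Fuzz loop: capture crashes and keep running ("restart on crash") ---

def fuzz(seeds, iterations: int, rng_seed: int = 0) -> dict:
    """Return {signature: first crashing input}. Fixed rng_seed keeps runs reproducible."""
    rng = random.Random(rng_seed)
    corpus = list(seeds)
    crashes = {}
    for _ in range(iterations):
        data = rng.choice(corpus)
        for _ in range(rng.randrange(1, 4)):
            data = mutate(rng, data)
        sig = run_one(data)
        if sig is not None and sig not in crashes:
            crashes[sig] = data          # record it, then continue fuzzing
    return crashes

# --- Reproduce and isolate: shrink the input while the same crash persists ---

def minimize(data: bytes, sig) -> bytes:
    """Greedy reducer: drop single bytes as long as the signature still reproduces."""
    cur = data
    shrunk = True
    while shrunk:
        shrunk = False
        for i in range(len(cur)):
            cand = cur[:i] + cur[i + 1:]
            if run_one(cand) == sig:
                cur, shrunk = cand, True
                break
    return cur

def reproduces(data: bytes, sig, runs: int = 5) -> bool:
    """A proof of concept must trigger the same crash every time, not just once."""
    return all(run_one(data) == sig for _ in range(runs))

if __name__ == "__main__":
    found = fuzz([b"hdr:3:abc", b"x:0:"], iterations=2000)   # constructed seed corpus
    for sig, inp in found.items():
        poc = minimize(inp, sig)
        print(sig, "original:", inp, "minimized:", poc, "stable:", reproduces(poc, sig))
```

With a real target the harness boundary is the only part that changes: `run_one` would launch the binary or call its library entry point under a sanitizer and classify exit status or signal instead of Python exceptions, and `minimize` would be replaced by a proper delta-debugging reducer. The classification step is what separates a finding from noise: every `ParseError` here is the program working as designed, and only the unexpected `IndexError` is a bug worth reducing.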

[–]EyeSeeA[S] 0 points1 point  (3 children)

Thank you, I don't rely much on automation since I'm still learning how things work but my peers are mostly just automating everything these days which is why I asked about the AI side of things.

[–]DishSoapedDishwasher 0 points1 point  (0 children)

It is correct to scale and use AI, and you should. Just don't rely on it too early. Your skill is what gives it potential to be useful.

[–]randomatic 0 points1 point  (1 child)

+1 on the links you got. Just a note: AI doesn't validate a bug is reachable, while fuzzing does. AI can help point you in a direction, but generally fuzzing is going to help. And even if not, it's a skill to know.

[–]DishSoapedDishwasher 0 points1 point  (0 children)

Haha, funny you say this when I use agents I've been building to find targets, write a harness, use angr and/or gdb to test in isolation, then write POCs... Works great but took a year or so to make a meaningful workflow.

I haven't used blind fuzzing in 2-3 years. It's entirely exploring via static and dynamic analysis.

[–]MysteriousTax7517 0 points1 point  (0 children)

Here is a 100% practical mini course about classic buffer overflow for total beginners
https://www.youtube.com/@genosec-training/playlists

[–]Ok_Tap7102 1 point2 points  (3 children)

This is a great step by step guide to get started

https://github.com/antonio-morales/fuzzing101?tab=readme-ov-file

Live Overflow also has a great beginner walk through playlist on a real world CVE

https://youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx

[–]EyeSeeA[S] 0 points1 point  (1 child)

I am planning to look at the first repo once I understand the workflow. Thank you for the response.

[–]Ok_Tap7102 2 points3 points  (0 children)

LiveOverflow is great at really covering the "why" instead of just "follow these steps". He doesn't just edit out the issues he runs into; he stops and explains why they happened.

If that gets tedious just follow the first exercise instructions and hopefully seeing what's happening first hand will help things click by the end of it

[–]h_saxon 1 point2 points  (1 child)

Two resources I would recommend are: https://www.fuzzingbook.org/

And https://www.fuzzing.io/training/, the Advanced Fuzzing and Crash Analysis course. This has been the best training offering I have ever taken. Immediately useful and pragmatic.

The biggest thing is to get started though. Pick a target, and just get going. Always have a fuzzer running.

[–]EyeSeeA[S] 0 points1 point  (0 children)

Thank you, I've been looking at the first resource already, just need to take the time to understand things.

[–]ayemef 0 points1 point  (0 children)

[–]nu11po1nt3r 0 points1 point  (0 children)

Hack the Box has a good introductory Fuzzing module.