A guide on how to do fuzzing with AFL++ in an attempt to rediscover the libwebp vulnerability CVE-2023-4863 that was used to hack iPhones.
Watch webp Part 1: • A Vulnerability to Hack The World - C...
Sudo Vulnerability Series: • Sudo Vulnerability Walkthrough
Docker Video: • How Docker Works - Intro to Namespaces
OSS-Fuzz: https://github.com/google/oss-fuzz
OSS-Fuzz libwebp coverage: https://storage.googleapis.com/oss-fu...
AFLplusplus: https://github.com/AFLplusplus/AFLplu...
vanhauser's blog: https://www.srlabs.de/blog-post/advan...
vanhauser/thc on twitter: / hackerschoice
AFLplusplus Persistent Mode: https://github.com/AFLplusplus/AFLplu...
Grab the code: https://github.com/LiveOverflow/webp-...
Chapters:
00:00 - Intro
00:36 - How to Learn About Fuzzing?
02:36 - Setting Up Fuzzing With AFL++
04:53 - My Docker Workflow for Fuzzing
06:35 - AFL++ Different Coverage Strategies
09:50 - Start the libwebp Fuzzing Campaign
11:58 - Adjusting the Fuzzer
13:45 - Why Don't We Find a Crash?
15:49 - Fuzzing with AFL++ Persistent Mode
19:47 - Persistent Mode Fuzzing Results
20:46 - Finding the Vulnerability in 8s
Video: Finding The .webp Vulnerability in 8s (Fuzzing with AFL++). Added by user LiveOverflow on 22 January 2024; viewed 62,099 times on this site and liked by 2.4 thousand people.