Finding BUGS in Golang Library using Fuzz testing (go-fuzz & libFuzzer) - Go Security

preview_player
Показать описание

In this course, I will first select a popular Golang library and identify the most interesting methods to fuzz. Then, I’ll explains how to use go-fuzz and libfuzzer to compile our fuzzing target. Finally, I’ll show how to run the fuzzer.

#Fuzzing #Golang #gofuzz

0:00 Find which package to fuzz (gif package)
0:34 Find which function to fuzz (decode)
1:10 Description of go-fuzz
2:31 Create the fuzzing hardness for go-fuzz
3:19 Compile and run the fuzzer
5:34 Libfuzzer options/arguments
6:33 Going deeper (go-fuzz slides)

📡 Socials:

Keyword: Fuzzing, Fuzz Testing, Go, Golang, go-fuzz, gofuzz, libFuzzer
  1. FuzzingLabs
  2. gofuzz
  3. go-fuzz
  4. go fuzz
  5. go-fuzz tutorial
  6. fuzzing golang
Рекомендации по теме
Finding BUGS in 0:07:12

Finding BUGS in Golang Library using Fuzz testing (go-fuzz & libFuzzer) - Go Security

How I found 0:11:29

How I found 3 bugs in Google’s Go code using Fuzzing (go-fuzz) - Go Security #2

Go Fuzz Testing 0:04:48

Go Fuzz Testing - Automate bug searching

Uncover Unknown Bugs 0:48:30

Uncover Unknown Bugs With Fuzzing in Go - Sagar Sonwane

$3,133.70 XSS in 0:06:10

$3,133.70 XSS in golang's net/html library - My first Google bug bounty

Teaching Computers to 0:30:03

Teaching Computers to detect API bugs / Anthony Alaribe @ GDG Berlin Golang 04/2022

Find bugs and 0:14:54

Find bugs and edge cases with Fuzz Testing

GTAC 2016: Finding 0:16:19

GTAC 2016: Finding Bugs in C++ Libraries Using LibFuzzer

Mark Shannon - 0:40:20

Mark Shannon - Finding bugs for free: The magic of static analysis.

Automated Bug Finding 0:39:26

Automated Bug Finding with Fuzzing

Knowing the UnFuzzed 0:47:05

Knowing the UnFuzzed and Finding Bugs with Coverage Analysis - Mark Griffin (Shmoocon 2020)

Apple Will Pay 0:00:49

Apple Will Pay Hackers $1,000,000 For This Bug Bounty 😳

Do You Kill 0:00:56

Do You Kill These Bugs?

Fuzzing Session: Finding 0:38:51

Fuzzing Session: Finding Bugs and Vulnerabilities Automatically - David Korczynski & Adam Korczy...

David Ashby on 1:23:48

David Ashby on Understanding Real-World Concurrency Bugs in Go [PWL NYC]

Most web devs 0:00:10

Most web devs struggle to find bugs without syntax highlighting! Can you find the bugs?

Abusing this Keqing 0:01:19

Abusing this Keqing bug to get secret out of bounds achievement

Finding hard to 0:06:50

Finding hard to find bugs with Address Sanitizer - Marshall Clow - Meeting C++ 2019

Hidden Camera Detector 0:00:20

Hidden Camera Detector & Bug Detector Machine | Finding Tool For Spy Camera #camera #hiddencamer...

Dockerized Bug Bounty 0:11:06

Dockerized Bug Bounty Automation Demo! (Automation Series)

Finding High and 0:11:09

Finding High and Critical 'Bugs' in Bug Bounty Programs

Bug House Hotel 0:07:47

Bug House Hotel at Home Looking For Bugs!

Remote Code Execution 0:10:45

Remote Code Execution bug found in Popular Node.js changelog library (I go through the code)

Finding a Bug 0:00:58

Finding a Bug in the Power Automate Flow and Correcting it

Комментарии
Автор

Source code and materials available here ;)

fuzzinglabs
Автор

I've been waiting for content on random testing with Go. Thank you for sharing!

joaowiciuk
Автор

I tried following along but it didn't work, couldn't get fuzzing to run. I think it must be my env that's set up wrong. Could you possibly share your go env settings and install location?

grover-