Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/156539
Full metadata record
DC FieldValueLanguage
dc.contributor.authorNg, Lyon Hong Kaien_US
dc.date.accessioned2022-04-19T08:26:30Z-
dc.date.available2022-04-19T08:26:30Z-
dc.date.issued2022-
dc.identifier.citationNg, L. H. K. (2022). Finding instrumentable locations for fuzzing via static binary analysis. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/156539en_US
dc.identifier.urihttps://hdl.handle.net/10356/156539-
dc.description.abstractToday, the exploitation of vulnerabilities which exists in every software program is still prevalent, leading to unintended repercussions. This highlights the importance of eradicating the pre-existing vulnerabilities before they can be exploited by hackers. In this study, American Fuzzy Lop Plus Plus (AFL++) was the fuzzer used to fuzz programs on the ubuntu system. The objective of this project is to find crashes that might lead to the discovery of vulnerabilities which were not documented before. The input files (seeds) consisted of mp4 files and binary files which were obtained from go-fuzz-corpus seed bank, as well as from submitted Proof-of-Concept (POC) files by other users. This paper provides a detailed explanation and highlights the steps for the fuzzing campaign done through a period of 10-12 months on the Program Under Test (PUT) with the seeds mentioned above. The crash found was a reproducible crash and the information on the vulnerability has been submitted to huntr.dev to inform the developers of the program. With more work and time put into this campaign, we could provide a more detailed analysis on the vulnerability and provide a solution for it.en_US
dc.language.isoenen_US
dc.publisherNanyang Technological Universityen_US
dc.subjectEngineering::Computer science and engineeringen_US
dc.titleFinding instrumentable locations for fuzzing via static binary analysisen_US
dc.typeFinal Year Project (FYP)en_US
dc.contributor.supervisorLiu Yangen_US
dc.contributor.schoolSchool of Computer Science and Engineeringen_US
dc.description.degreeBachelor of Engineering (Computer Science)en_US
dc.contributor.supervisoremailyangliu@ntu.edu.sgen_US
item.grantfulltextrestricted-
item.fulltextWith Fulltext-
Appears in Collections:SCSE Student Reports (FYP/IA/PA/PI)
Files in This Item:
File Description SizeFormat 
FYP_Final_Report_LyonNgHongKai_U1920429G.pdf
  Restricted Access
3.77 MBAdobe PDFView/Open

Page view(s)

29
Updated on Jun 27, 2022

Download(s)

6
Updated on Jun 27, 2022

Google ScholarTM

Check

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.