Title: Practical fuzzing on open-source projects
Authors: Ng, Chun Kai
Keywords: Engineering::Computer science and engineering
Issue Date: 2022
Publisher: Nanyang Technological University
Source: Ng, C. K. (2022). Practical fuzzing on open-source projects. Final Year Project (FYP), Nanyang Technological University, Singapore.
Project: SCSE21-0926
Abstract: Hackers exploit software vulnerabilities found in all software programs, resulting in unfavorable outcomes, which is a major concern in software security. This highlights the importance of patching such vulnerabilities before hackers can exploit them, which is a race against time. Zero-day exploits are one such vulnerability. In this study, we perform fuzzing on a popular command-line text editor, VIM, on Ubuntu systems using American Fuzzy Lop Plus Plus (AFL++). The goal of this project is to find crashes that may lead to a previously unknown vulnerability in the targeted program. The input files (seeds) contain multiple text files containing various special characters and languages. These input files were obtained from the internet as well as from previously discovered Proof-of-Concept (POC) crashes from other users, but by changing the options used, the same POC will explore a different path in the code. This paper provides a detailed explanation, setup, and highlights the steps for the 9-11 month long fuzzing campaign. The reproducible crashes were analyzed and submitted to to notify the developers of the vulnerability.
Schools: School of Computer Science and Engineering 
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File: fyp report.pdf (Restricted Access)
Size: 4.59 MB
Format: Adobe PDF

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.