Friday December 25th

Friday December 18th

Thursday December 3rd

Tuesday December 1st

Monday November 16th

Sunday November 15th

Friday November 6th

Tuesday November 3rd

Wednesday October 14th

1 Kicks

How to fuzz a server with American Fuzzy Lop

American Fuzzy Lop (AFL) is an open source, coverage-assisted fuzz testing tool developed by Michał Zalewski of Google. In a nutshell, it feeds intelligently crafted input to a program that exercises corner cases and finds bugs in a target program. In this blog post, I'll describe how to use AFL's experimental persistent mode to blow the doors off of a server without having to make major modifications to the server's codebase. I've used this technique at Fastly to expand testing in some of the servers that we rely on and others that we are experimenting with. Throughout this post, I'll use the open source Knot DNS with a basic configuration as a running example, but the technique is applicable to other servers and long running processes as well.


Commenting on Stories is limited for now and will open up to those recommended by the community. Learn how
Loading InfoSecKicks...
brought to you by the Kicks Network