tags:fuzzingmethodology
original link: Meta Bug Bounty: Fuzzing “netconsd” for fun and profit
newsletter link: exploits.club Weekly Newsletter 36 - Regex Fuzzing, C++ Metadata, Kernel Streaming, And More
Exploits Club Summary:
Two nice, bite-sized fuzzing posts from @Fady_Othman detailing his fuzzing journey with netconsd. Part 1 starts with a quick explanation of the motivations behind the project before reviewing how to find the relevant packet parsing code. From there, he gets a harness set up and lets the fuzzer start running. Part 2 walks through improving the fuzzer with additional insight into how the target itself actually works. Future parts are expected to cover a heap overflow the fuzzer found, so we look forward to that.