Project Triforce: Run AFL on Everything (opens in new tab)

(nccgroup.trust)

72 pointsmytummyhertz9y ago16 comments

16 comments

dantillberg9y ago

What's AFL? "american fuzzy lop" / http://lcamtuf.coredump.cx/afl/

mickgardner9y ago

I really wanted this to be about Australian Rules Football...

CGamesPlay9y ago

I really want AFL to be able to run on arbitrary VMs (specifically, I want to run AFL on my rails application).

Are there plans to add pluggable tracing modules to AFL?

mytummyhertzOP9y ago

checkout the details of the project, the idea is that you can run AFL on arbitrary VMs (like your rails VM)! just need to have your test cases, your userland harness, and the addresses to monitor for "panics"

CGamesPlay9y ago

AFL can fuzz ruby by running ruby on arbitrary inputs. This tests that paths through the ruby interpreter are being stressed.

AFL cannot fuzz ruby code using the same mechanism, because it does not have the right level of insight. AFL can't detect if a branch in my ruby code was tested, only that the code for `if` in the core ruby interpreter has been tested both ways. For this reason, in order to properly test interpreted code, you need to add the AFL instrumentation at the ruby layer, not the native layer.

I don't think AFL currently supports this, and I don't think this project actually enables it. But I would be happy to be corrected!

2 more replies

softblush9y ago

https://web.archive.org/web/20160627201122/https://www.nccgr...

616c9y ago

So I am still reading through their Linux container security paper, and I like their stuff, but who are these NCC people? In the last few months I have seen multiple postings on their papers and blog posts, seemingly out of nowhere, never having heard of them pry to the container paper.

dyn-9y ago

Glad to hear it. As mytummyhertz said, NCC Group (where we both work) is made up in the US from iSEC Partners, Matasano Security and Intrepidus Group consultancies (who were all purchased by NCC Group in the last few years). In the UK it's primarily NGS. iSEC Partners/Matasano/Intrepidus Group/NGS have published research/security presentations/tools (sslyze) etc for years.

616c9y ago

I am kind of new to the infosec scene. I was curious because your stuff seems thorough, but the new TLD domain made me wonder where you all came from, like rebranding or something else. Sounds like a little column A, little column B.

My favorite quick security tool on Linux is firejail, which uses seccomp-bpf under the hood. So I was quite excited to see in your container paper discussion of that and the interaction of Linux subsystems I do not really grok.

Keep up the good work. Obviously not all for me, but I benefit. :-)

1 more reply

mytummyhertzOP9y ago

NCC = matasano + iSec + intrepidus group

616c9y ago

Thanks. That explains some things.

1 more reply

j / k navigate · click thread line to collapse