-rw-r--r--  README.md                4
-rw-r--r--  docs/guided_fuzzing.md  25
2 files changed, 2 insertions, 27 deletions
diff --git a/README.md b/README.md
index 7a6098e5..db6a70b5 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,7 @@ Here is some information to get you started:
 
 ## Building and installing AFL++
 
-To install AFL++ with everything compiled, pull the image directly from the Docker Hub:
+To have AFL++ easily available with everything compiled, pull the image directly from the Docker Hub:
 
 ```shell
 docker pull aflplusplus/aflplusplus
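Review bot: the new wording on the `+` line, "To have AFL++ easily available with everything compiled", is vaguer than the line it replaces and reads awkwardly; if the intent is to distinguish pulling a prebuilt image from installing AFL++ on the host, say so directly, e.g. "To get a ready-to-use AFL++ with everything already compiled, pull the image directly from Docker Hub:". Also drop the article in "the Docker Hub", since the service name is just "Docker Hub".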
@@ -43,7 +43,7 @@ docker run -ti -v /location/of/your/target:/src aflplusplus/aflplusplus
 This image is automatically generated when a push to the stable repo happens (see [docs/branches.md](docs/branches.md)).
 You will find your target source code in `/src` in the container.
 
-To build AFL++ yourself, continue at [docs/building_installing.md](docs/building_installing.md).
+To build AFL++ yourself, continue at [docs/INSTALL.md](docs/INSTALL.md).
 
 ## Quick start: Fuzzing with AFL++
 
diff --git a/docs/guided_fuzzing.md b/docs/guided_fuzzing.md
deleted file mode 100644
index 44fd44a4..00000000
--- a/docs/guided_fuzzing.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# Challenges of guided fuzzing
-
-Fuzzing is one of the most powerful and proven strategies for identifying
-security issues in real-world software; it is responsible for the vast
-majority of remote code execution and privilege escalation bugs found to date
-in security-critical software.
-
-Unfortunately, fuzzing is also relatively shallow; blind, random mutations
-make it very unlikely to reach certain code paths in the tested code, leaving
-some vulnerabilities firmly outside the reach of this technique.
-
-There have been numerous attempts to solve this problem. One of the early
-approaches - pioneered by Tavis Ormandy - is corpus distillation. The method
-relies on coverage signals to select a subset of interesting seeds from a
-massive, high-quality corpus of candidate files, and then fuzz them by
-traditional means. The approach works exceptionally well but requires such
-a corpus to be readily available. In addition, block coverage measurements
-provide only a very simplistic understanding of the program state and are less
-useful for guiding the fuzzing effort in the long haul.
-
-Other, more sophisticated research has focused on techniques such as program
-flow analysis ("concolic execution"), symbolic execution, or static analysis.
-All these methods are extremely promising in experimental settings, but tend
-to suffer from reliability and performance problems in practical uses - and
-currently do not offer a viable alternative to "dumb" fuzzing techniques.
\ No newline at end of file
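Review bot: this hunk deletes `docs/guided_fuzzing.md` in full without moving its content anywhere in the same patch, and the commit page shows no message stating where (or whether) the "Challenges of guided fuzzing" text now lives. If it was folded into another document, that edit belongs in this commit so the history is self-explaining; if it was dropped deliberately, grep the remaining docs and the README for links to `docs/guided_fuzzing.md` so none are left dangling. As a minor point, the deleted file lacked a trailing newline ("\ No newline at end of file"); if any of the text is reintroduced elsewhere, make sure the new file ends with one.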