Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/README.md b/README.md index edd1a440..19d3a866 100644 --- a/README.md +++ b/README.md @@ -261,6 +261,9 @@ Here are some good writeups to show how to effectively use AFL++: * [https://securitylab.github.com/research/fuzzing-sockets-FTP](https://securitylab.github.com/research/fuzzing-sockets-FTP) * [https://securitylab.github.com/research/fuzzing-sockets-FreeRDP](https://securitylab.github.com/research/fuzzing-sockets-FreeRDP) * [https://securitylab.github.com/research/fuzzing-apache-1](https://securitylab.github.com/research/fuzzing-apache-1) + +If you do not want to follow a tutorial but rather try an exercise type of +training then we can highly recommend the following: * [https://github.com/antonio-morales/Fuzzing101](https://github.com/antonio-morales/Fuzzing101) If you are interested in fuzzing structured data (where you define what the @@ -469,6 +472,13 @@ compiler is used. Also - if possible - you should always configure the build system such that the target is compiled statically and not dynamically. How to do this is described below. +The #1 rule when instrumenting a target is: avoid instrumenting shared +libraries at all cost. You would need to set LD_LIBRARY_PATH to point to +these, you could accidently type "make install" and install them system wide - +so don't. Really don't. +**Always compile libraries you want to have instrumented as static and link +these to the target program!** + Then build the target. (Usually with `make`) **NOTES** |
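Review bot: In the first hunk (`@@ -261,6 +261,9 @@`), the new paragraph "If you do not want to follow a tutorial but rather try an exercise type of training then we can highly recommend the following:" reads awkwardly; consider "If you would rather work through exercises than follow a tutorial, we highly recommend the following:". The Fuzzing101 bullet that follows is unchanged context and was previously part of the "good writeups" list above it, so this change also silently moves that link into the new list, which is fine but worth stating in the commit message.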
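Review bot: In the second hunk (`@@ -469,6 +472,13 @@`), "accidently" should be "accidentally", and the sentence "You would need to set LD_LIBRARY_PATH to point to these, you could accidently type "make install" and install them system wide - so don't. Really don't." is a run-on that mixes two separate risks; consider splitting it, e.g. "You would need to set LD_LIBRARY_PATH to point to them, and you could accidentally run "make install" and put instrumented libraries system-wide." The bold closing line then restates the rule clearly, so the preceding "so don't. Really don't." could be dropped to avoid saying it three times.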
