[$] Fuzzing with american fuzzy lop

In September 2014 a serious securityvulnerability that became known as Shellshock was found in Bash, whichis the default shell in most Linux distributions. But it quickly turned outthat the initial fix for Shellshock was incomplete. Various other relatedbugs were found only days after the publication, amongst them twosevere vulnerabilities discovered by MichaA Zalewski from the Googlesecurity team. In the blog post, Zalewski mentioned that he had found thesebugs with a fuzzing tool that he wrote, which almost nobody knew back then: american fuzzy lop (afl).

Subscribers can click below for the full article by guest author Hanno Bick.