
List:       dailydave
Subject:    [Dailydave] To DARPA, re CGC! CC: Everyone else! :)
From:       Dave Aitel <dave.aitel () gmail ! com>
Date:       2018-03-22 17:46:42
Message-ID: CAAVrE9R+Osaq-V+g_k1sZ32U4_0RGzsCnHmsjDcajJ_EtSzSFA () mail ! gmail ! com

So this experiment is super interesting. And there's a ton of great new
fuzzers coming out. AND I DARE YOU TO PROVE TO ME THAT SMT STUFF IS NOT
JUST A HUGE WASTE OF TIME BY REDOING THIS EXPERIMENT WITH THEM! :)

In particular, Angora looks extremely good. The paper is well worth a read:
https://arxiv.org/abs/1803.01307

Also note: The metric we want between different fuzzers is, "what bugs does
this one find that others don't". I used to leave fuzzers running for weeks
at a time, and I'm always amused when the timeslots are so short. :(

cf. http://moyix.blogspot.com/2018/03/of-bugs-and-baselines.html
(note that he uses 1 hr as a lower bound.)

-dave


https://twitter.com/Zardus/status/974356926417879040

@Zardus
Replying to @daveaitel @moyix
I recently ran experiments on the full CGC corpus (232 single-CB bins),
with AFL+dictionary and Driller+dictionary. 6-core AFL: 106 crashes, 4-core
AFL + 2-core Driller == 111 crashes. 4-core AFL + 12-core Driller == 118
crashes. I ran out of GCE budget to check 16-core AFL :-(
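
The comparison Dave asks for above ("what bugs does this one find that
others don't"), as an added example that is not part of the original post
and is not code from AFL, Driller or Angora: raw crashes from two runs are
deduplicated into bugs by binary plus the top stack frames, each fuzzer's
exclusive bugs are reported, and the same summary can be cut off at a
wall-clock budget to show how a short timeslot changes the picture. The
fuzzer names, binary names, frames and timestamps are constructed sample
data, not results from the CGC corpus.

```python
"""Compare fuzzer campaigns by the distinct bugs each finds that the others miss."""
from collections import defaultdict
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Crash:
    fuzzer: str      # which campaign produced the crash
    binary: str      # target binary (constructed names, not real CGC CB ids)
    frames: tuple    # symbolised crashing stack, innermost frame first
    wall_sec: int    # seconds into the campaign when this crash was first seen


def bug_id(crash: Crash, depth: int = 3) -> str:
    """Fold crashes into bugs: same binary + same top `depth` frames == same bug.
    Raw crash counts overstate findings because one bug usually yields many inputs."""
    key = crash.binary + "|" + "|".join(crash.frames[:depth])
    return hashlib.sha1(key.encode()).hexdigest()[:12]


def bugs_by_fuzzer(crashes, depth: int = 3) -> dict:
    """Map fuzzer name -> set of bug ids it reached."""
    out = defaultdict(set)
    for c in crashes:
        out[c.fuzzer].add(bug_id(c, depth))
    return dict(out)


def unique_bugs(by_fuzzer: dict) -> dict:
    """For each fuzzer, the bugs that no other fuzzer in the comparison found.
    This is the complementarity metric, as opposed to a raw crash count."""
    result = {}
    for name, bugs in by_fuzzer.items():
        others = set().union(*(b for other, b in by_fuzzer.items() if other != name))
        result[name] = bugs - others
    return result


def summarize(crashes, budget_sec=None, depth: int = 3) -> dict:
    """Summary of raw crashes, deduplicated bugs, exclusive bugs and the union.
    `budget_sec` truncates every campaign at the same wall-clock point, so the
    same data can be read as a 1 hr run or as the full campaign."""
    subset = crashes if budget_sec is None else [c for c in crashes if c.wall_sec <= budget_sec]
    by = bugs_by_fuzzer(subset, depth)
    uniq = unique_bugs(by)
    union = set().union(*by.values()) if by else set()
    return {
        "raw_crashes": {f: sum(1 for c in subset if c.fuzzer == f) for f in by},
        "bugs": {f: len(b) for f, b in by.items()},
        "unique": {f: len(u) for f, u in uniq.items()},
        "union": len(union),
    }


# Constructed sample campaigns (assumption: two fuzzers on three binaries).
# The first two AFL records are the same bug hit twice, to show deduplication.
CRASHES = [
    Crash("afl",     "cb_alpha", ("recv_until", "parse_cmd", "main"),    120),
    Crash("afl",     "cb_alpha", ("recv_until", "parse_cmd", "main"),    900),
    Crash("afl",     "cb_alpha", ("memcpy", "handle_cmd", "main"),       3000),
    Crash("afl",     "cb_beta",  ("strcpy", "load_record", "main"),      7200),
    Crash("driller", "cb_alpha", ("recv_until", "parse_cmd", "main"),    300),
    Crash("driller", "cb_beta",  ("check_magic", "load_record", "main"), 5400),
    Crash("driller", "cb_gamma", ("free_node", "gc_sweep", "main"),      600),
]

if __name__ == "__main__":
    for label, budget in (("1 hr slot", 3600), ("full run", None)):
        s = summarize(CRASHES, budget)
        print(f"{label}: raw={s['raw_crashes']} bugs={s['bugs']} "
              f"exclusive={s['unique']} union={s['union']}")
```

On the constructed data the full run shows each fuzzer with three bugs and
two that only it found (five in the union), while the 1 hr cut shows each
with two bugs and one exclusive, so the shorter slot hides two of the five
bugs and flattens the comparison. Note that the campaigns are compared at
equal wall-clock time, not equal core-hours; when runs use different core
counts, as in the tweet below, normalise the budget before reading the
exclusive-bug sets.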

_______________________________________________
Dailydave mailing list
Dailydave@lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave