


Domain-Specific Fuzzing with Waypoints using FuzzFactory

Recently I started learning about fuzzing with American Fuzzy Lop, aka AFL. While reading up on and improving my skills with a coverage-guided fuzzer, i.e. AFL, I got to know about FuzzFactory, which generalizes coverage-guided fuzzing to domain-specific testing goals. FuzzFactory lets users guide the fuzzer's search process without having to modify anything in AFL's search algorithm.
The entire crux of FuzzFactory lies in a concept called waypoints, i.e. intermediate inputs that are saved during the fuzzing loop. These inputs need not increase code coverage, but they are saved anyway because they make some sort of domain-specific progress (for example, triggering a larger memory allocation or a longer execution path than any input seen so far). FuzzFactory's LLVM-based domain-specific instrumentation currently supports six domain-specific feedback methods: slow, perf, mem, valid, cmp and diff, each derived from an existing specialized fuzzer.
Let's try to fuzz XpdfReader using FuzzFactory.
Firstly you need to git clone FuzzFactory from the official repository. Then compile XpdfReader using afl-clang-fast …
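To make the waypoint idea concrete, here is a small Python model of the selection rule described above. This is an added illustration, not FuzzFactory's own code: the instrumented program is replaced by a constructed, hypothetical length-prefixed record parser that reports which edges it hit and the largest allocation it requested (standing in for the mem domain). The fuzzer keeps the usual coverage map plus a domain-specific feedback map in which each key is tracked by its maximum, and an input is kept if it adds coverage or raises any key's maximum, even when coverage is unchanged.

```python
"""Toy model of FuzzFactory-style waypoints (added example, not FuzzFactory code).

Coverage feedback: set of edges hit.
Domain-specific feedback (DSF): dict key -> int, reduced with max, mimicking
the 'mem' domain where the value is the largest allocation requested.
"""
from typing import Dict, List, Set, Tuple


def target(data: bytes) -> Tuple[Set[int], Dict[str, int]]:
    """Constructed stand-in for an instrumented program (hypothetical format).

    Format: byte 0 = record count; each record = 2-byte big-endian length
    followed by that many payload bytes. The simulated allocation size for a
    record is its declared length, reported as the DSF key 'mem:alloc'.
    Returns (edges hit, DSF map) for this single execution.
    """
    edges: Set[int] = {0}  # edge 0: function entry
    dsf: Dict[str, int] = {}
    if len(data) < 1:
        edges.add(1)  # edge 1: empty input
        return edges, dsf
    count = data[0]
    pos = 1
    for _ in range(count):
        if pos + 2 > len(data):
            edges.add(2)  # edge 2: truncated record header
            break
        n = int.from_bytes(data[pos:pos + 2], "big")
        pos += 2
        edges.add(3)  # edge 3: header parsed, allocation of n bytes requested
        dsf["mem:alloc"] = max(dsf.get("mem:alloc", 0), n)
        if pos + n > len(data):
            edges.add(4)  # edge 4: payload shorter than declared length
            break
        pos += n
        edges.add(5)  # edge 5: record consumed
    return edges, dsf


class WaypointFuzzer:
    """Keeps the global coverage map, the global DSF maxima and a queue."""

    def __init__(self) -> None:
        self.coverage: Set[int] = set()
        self.dsf_max: Dict[str, int] = {}
        self.queue: List[Tuple[bytes, List[str]]] = []

    def consider(self, data: bytes) -> List[str]:
        """Run one input and return the reasons it was saved ([] = discarded)."""
        edges, dsf = target(data)
        reasons: List[str] = []
        if not edges <= self.coverage:
            reasons.append("coverage")  # classic AFL criterion
        for key, value in dsf.items():
            if value > self.dsf_max.get(key, 0):
                reasons.append("waypoint:" + key)  # domain-specific progress
        if reasons:
            self.coverage |= edges
            for key, value in dsf.items():
                self.dsf_max[key] = max(self.dsf_max.get(key, 0), value)
            self.queue.append((data, reasons))
        return reasons


if __name__ == "__main__":
    f = WaypointFuzzer()
    # Constructed inputs: the second one hits no new edge but asks for a
    # bigger allocation, so it is kept purely as a waypoint.
    for sample in (b"\x01\x00\x02ab", b"\x01\x00\x03abc",
                   b"\x01\x00\x02xy", b"\x01\xff\xff"):
        print(sample, "->", f.consider(sample) or "discarded")
    print("queue size:", len(f.queue), "dsf maxima:", f.dsf_max)
```

Run it and note the second input: AFL alone would throw it away because its edge set is already covered, while the waypoint rule keeps it because it pushed mem:alloc from 2 to 3. That saved input is what later mutations build on to reach, for example, the 0xffff declared length that reaches the truncated-payload edge.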
