[Dailydave] To DARPA, re CGC! CC: Everyone else! :)
Dave Aitel
dave.aitel at gmail.com
Thu Mar 22 17:46:42 UTC 2018
So this experiment is super interesting. And there's a ton of great new
fuzzers coming out. AND I DARE YOU TO PROVE TO ME THAT SMT STUFF IS NOT
JUST A HUGE WASTE OF TIME BY REDOING THIS EXPERIMENT WITH THEM! :)

In particular Angora looks extremely good. The paper is well worth a read:
https://arxiv.org/abs/1803.01307

Also note: The metric we want between different fuzzers is, "what bugs does
this one find that others don't". I used to leave fuzzers running for weeks
at a time, and I'm always amused when the timeslots are so short. :(

cf. http://moyix.blogspot.com/2018/03/of-bugs-and-baselines.html
(note that he does 1 hr for a lower bound.)

-dave

https://twitter.com/Zardus/status/974356926417879040
@Zardus
Replying to @daveaitel @moyix
I recently ran experiments on the full CGC corpus (232 single-CB bins),
with AFL+dictionary and Driller+dictionary. 6-core AFL: 106 crashes, 4-core
AFL + 2-core Driller == 111 crashes. 4-core AFL + 12-core driller == 118
crashes. I ran out of GCE budget to check 16-core AFL :-(