[intc]

Or perhaps you could write a blog post on how to use a fuzzer so we can all learn from your findings?

[jcims]

Something about this request gets under my skin like nothing I've read on HN in a very long time.

[tptacek]

It was weird. I decided to take it as a compliment. But as it's an unearned one, I think I probably won't write a blog post about it.

[intc]

Indeed it's a compliment. And also a humble request because I'm interested in this subject. Perhaps my way of expression was not the best? But I'll take some time to see what other resources are available there.

[tptacek]

I'm serious that you can read the (excellent) Quick Start for AFL, pick a C program (try recutils!) and get afl-fuzz running very quickly, and it's really sort of self-explanatory once it's running. It's a really well-built piece of software.

[cpach]

Sometimes people write strange things ¯\_(ツ)_/¯

[tptacek]

The Github page for afl-fuzz has a really excellent Getting Started doc.

[intc]

Sounds cool. Could you share the link to their official git repo?

[tptacek]

https://github.com/google/AFL

[intc]

Hmm. Doesn't look like very "hands on" to me (README.md). Or then I just couldn't find the document you mentioned in the previous post. But I guess one has to learn these things by trial and error then.

[ibotty]

It did not take me much time to find https://github.com/google/AFL/blob/master/docs/QuickStartGui... which I guess is the doc he referenced.

[xearl]

> Or then I just couldn't find the document you mentioned in the previous post.

There you go: https://github.com/google/AFL/blob/master/docs/QuickStartGui...

[cpach]

For those looking for tutorials; in addition to the one already linked, I’m quite sure there are quite a few decent YouTube videos about fuzzing with AFL.

[namibj]

https://llvm.org/docs/LibFuzzer.html might also be quite interesting due to the potentially significantly higher fuzzing speed (no fork(2) for each try).