Skip to content
Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
lessons Fix typo in lesson 11 (issue #4). Oct 13, 2017
.gitignore Add pcre2 fuzzer and two different versions of sources as lesson 10. Nov 17, 2016
LICENSE Change some wording. Mar 18, 2017 Update Nov 17, 2016


Materials of "Modern fuzzing of C/C++ Projects" workshop.

The first version of the workshop had been presented at ZeroNights'16 security conference.


  • 2-3 hours of your time
  • Linux-based OS
  • C/C++ experience (nothing special, but you need to be able to read, write and compile C/C++ code)
  • a recent version of clang compiler. Distributions from package managers are too old and most likely won't work (the workshop called "modern", right?), you have two options:
    • checkout llvm repository and build it yourself. To make it easy, feel free to use script, it has been tested on clean Ubuntu 16.04
    • a VirtualBox VM with working environment is available, credentials: fuzzer:zeronights
  • sudo apt-get install -y make autoconf automake libtool pkg-config zlib1g-dev

Fuzzing experience is not required.


  1. An introduction to fuzz testing
  2. An example of traditional fuzzing
  3. Coverage-guided fuzzing
  4. Writing fuzzers (simple examples)
  5. Finding Heartbleed (CVE-2014-0160)
  6. Finding c-ares $100,000 bug (CVE-2016-5180)
  7. How to improve your fuzzer
  8. Fuzzing libxml2, learning how to improve the fuzzer and analyze performance
  9. Fuzzing libpng, learning an importance of seed corpus and other stuff
  10. Fuzzing re2
  11. Fuzzing pcre2
  12. Chromium integration & homework assignment

Most of the examples have been taken from libFuzzer tutorial and Fuzzer Test Suite.



Building libFuzzer is extreemly easy:

cd libFuzzer


You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.