The total fuzzer mark is out of 50.

  • 10 marks for the Midpoint Checkin.
  • 30 marks for the final fuzzer
  • 10 marks for the final writeup

The marks breakdown for the fuzzer is as follows (/50 marks)

 

Midpoint Submission (10 marks)

  • [6] Finding all vulnerabilities in the 2 provided binaries.
  • [4] 1/2 page description of fuzzer functionality/design so far (writeup.md).

General Fuzzer (10 marks)

  • [5] Finding all vulnerabilities in the 11 provided binaries and all hidden binaries.
  • [5] Writing test vulnerable binaries to test your fuzzer

Fuzzer functionality (10 marks)

  • [5] Mutation Strategies
    • Basic (bit flips, byte flips, known ints)
    • Intermediate (repeated parts, keyword extraction, arithmetic)
    • Advanced (coverage based mutations)
  • [5] Understanding & manipulating file formats (file headers/names, data structures, etc)
    • Basic (JSON, CSV, XML)
    • Intermediate (JPEG, ELF)
    • Advanced (PDF)

Harness Functionality (10 marks)

  • [2] Detecting the type of crash
  • [2] Detecting Code Coverage
  • [2] Avoiding overheads
    • Not creating files
    • In memory resetting (Not calling execve)
  • [2] Useful logging / statistics collection and display
  • [2] Detecting Hangs / Infinite loops
    • Detecting infinite loop (code coverage) vs slow running program (timeout approach)

Something awesome (6 marks)

Can be either of:

  • Something cool your fuzzer does (consult course staff to see if your thing is valid).
  • Finding novel / non-trivial bugs in Public Software / OSS Software with your fuzzer.

Documentation (10 marks)

The documentation/writeup for the final fuzzer is worth 10 marks. Marks are awarded based on detail and conciseness of your writeup.

 

Partial marks will be rewarded at the discretion of the marker if you miss some vulnerabilities.