Tutorials

If you are a total newbie, try this guide:

• https://github.com/alex-maleno/Fuzzing-Module

Here are some good write-ups to show how to effectively use AFL++:

• https://aflplus.plus/docs/tutorials/libxml2_tutorial/
• https://bananamafia.dev/post/gb-fuzz/
• https://bushido-sec.com/index.php/2023/06/19/the-art-of-fuzzing/
• https://securitylab.github.com/research/fuzzing-challenges-solutions-1
• https://securitylab.github.com/research/fuzzing-software-2
• https://securitylab.github.com/research/fuzzing-sockets-FTP
• https://securitylab.github.com/research/fuzzing-sockets-FreeRDP
• https://securitylab.github.com/research/fuzzing-apache-1
• https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/

If you do not want to follow a tutorial but rather try an exercise type of training, then we can highly recommend the following:

• https://github.com/antonio-morales/Fuzzing101

A good workflow overview (like our fuzzing_in_depth.md):

• https://appsec.guide/docs/fuzzing/c-cpp/aflpp/

Here is a good workflow description (and tutorial) for qemu_mode:

• https://airbus-seclab.github.io/AFLplusplus-blogpost/

Here is good workflow description for frida_mode:

• https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html

If you are interested in fuzzing structured data (where you define what the structure is), these links have you covered (some are outdated though):

• libprotobuf for AFL++: https://github.com/P1umer/AFLplusplus-protobuf-mutator
• libprotobuf raw: https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator
• libprotobuf for old AFL++ API: https://github.com/thebabush/afl-libprotobuf-mutator
• Superion for AFL++: https://github.com/adrian-rt/superion-mutator

For a very in-depth explanation on how AFL++ works check out: https://blog.ritsec.club/posts/afl-under-hood/

Video Tutorials

• Install AFL++ Ubuntu
• [Fuzzing with AFLplusplus] Installing AFLPlusplus and fuzzing a simple C program
• [Fuzzing with AFLplusplus] How to fuzz a binary with no source code on Linux in persistent mode
• Blackbox Fuzzing #1: Start Binary-Only Fuzzing using AFL++ QEMU mode
• HOPE 2020 (2020): Hunting Bugs in Your Sleep - How to Fuzz (Almost) Anything With AFL/AFL++
• How Fuzzing with AFL works!
• WOOT '20 - AFL++ : Combining Incremental Steps of Fuzzing Research

If you find other good ones, please send them to us :-)