An step by step fuzzing tutorial. A GitHub Security Lab initiative - antonio-morales/Fuzzing101
It goes without saying that being a Professional Penetration Tester is considered to be one of the “cooler” jobs in InfoSec. I mean, let’s be honest here - who wouldn’t want to break into buildings, and hack companies like Elliot from Mr. Robot, or carry out crazy hacks against banks and casinos like in the Oceans Series, all while doing it legally?
Not working is harder than I expected.
Fuzz testing is a technique for automatically uncovering bugs in software. The problem is that it’s a pain to set up. Read any fuzz testing tutorial, and the first task is an hour of building tools from source and chasing down dependencies upon dependencies. I recently found that Nix eliminates a lot of the gruntwork from fuzz testing. I created a Nix configuration that kicks off a fuzz testing workflow with a single command. The only dependencies are Nix and git.
It’s now been seven years since I quit my job at Google to become an indie founder. In the past year, I sold my company, started a family, and learned several new technologies.