WinAFL – A fork of AFL for fuzzing Windows binaries

WinAFL is a fork of the original AFL for the Windows operating system. AFL is a popular coverage-guided fuzzer. The tool combines fast target execution with clever heuristics to find new execution paths in the target binary. It has been successfully used to find a large number of vulnerabilities in real products.


Instead of instrumenting the code at compilation time, WinAFL relies on dynamic instrumentation using DynamoRIO to measure and extract target coverage. This approach has been found to introduce an overhead of about 2x compared to the native execution speed, which is comparable to the original AFL in binary instrumentation mode.
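To make the coverage-guided loop concrete, here is an added toy example (not code from WinAFL or the AFL project). It collects edge coverage at run time with `sys.settrace`, which plays the role DynamoRIO plays for WinAFL: the target is not modified at build time, transitions between code locations are observed while it runs and hashed into a fixed-size bitmap the way AFL does (`cur ^ (prev >> 1)`). Any input that lights up a previously unseen edge is kept in the queue and mutated further. The target `parse_header`, its out-of-bounds-read bug, the seed input and the mutation stages are all constructed for the illustration.

```python
"""Toy coverage-guided fuzzer in the spirit of AFL/WinAFL (added example).

The target and its bug are constructed; sys.settrace stands in for the
dynamic instrumentation that WinAFL gets from DynamoRIO.
"""
import random
import sys

MAP_SIZE = 1 << 16  # size of the coverage bitmap, as in AFL


def parse_header(data: bytes) -> int:
    """Constructed target: 3-byte magic, 1-byte payload length, payload.

    Deliberate bug: the length byte is trusted, so a length larger than
    the remaining buffer reads past the end (IndexError here; in a native
    binary this would be a memory-safety bug a fuzzer aims to surface).
    """
    if len(data) < 4:
        return -1
    if data[0] != ord("W"):
        return -2
    if data[1] != ord("A"):
        return -3
    if data[2] != ord("F"):
        return -4
    n = data[3]
    checksum = 0
    for i in range(n):
        checksum ^= data[4 + i]  # bug: no bounds check against len(data)
    return checksum


def run_target(data: bytes):
    """Execute the target once; return (crashed, set of edge indices hit)."""
    edges = set()
    prev = [0]
    code = parse_header.__code__

    def tracer(frame, event, arg):
        if frame.f_code is not code:  # only instrument the target itself
            return None
        if event == "line":
            cur = frame.f_lineno
            edges.add((cur ^ (prev[0] >> 1)) % MAP_SIZE)  # AFL edge hash
            prev[0] = cur
        return tracer

    crashed = False
    sys.settrace(tracer)
    try:
        parse_header(data)
    except IndexError:
        crashed = True
    finally:
        sys.settrace(None)
    return crashed, edges


def mutate_havoc(rng: random.Random, data: bytes, rounds: int = 4) -> bytes:
    """Stacked random mutations, a small version of AFL's havoc stage."""
    buf = bytearray(data)
    for _ in range(rounds):
        choice = rng.randrange(4)
        if choice == 0 and buf:
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)  # bit flip
        elif choice == 1 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)  # byte set
        elif choice == 2 and len(buf) > 1:
            del buf[rng.randrange(len(buf))]  # delete a byte
        else:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def fuzz(seed: bytes, max_execs: int = 30000, rng_seed: int = 1):
    """Coverage-guided loop: keep any input that reaches a new edge.

    Returns (crashing inputs, number of distinct edges seen, executions).
    Stops at the first crash so the result is reproducible.
    """
    rng = random.Random(rng_seed)
    global_edges = set()
    queue, crashes = [], []
    execs = 0

    def consider(candidate: bytes) -> bool:
        nonlocal execs
        execs += 1
        crashed, edges = run_target(candidate)
        if crashed:
            crashes.append(candidate)
        if edges - global_edges:  # AFL's "new path found" heuristic
            global_edges.update(edges)
            queue.append(candidate)
        return bool(crashes) or execs >= max_execs  # True = stop

    consider(seed)
    qi = 0
    while qi < len(queue) and not crashes and execs < max_execs:
        entry = queue[qi]
        qi += 1
        # Deterministic stage: every byte value at every position.
        for pos in range(len(entry)):
            for val in range(256):
                if val != entry[pos]:
                    if consider(entry[:pos] + bytes([val]) + entry[pos + 1:]):
                        return crashes, len(global_edges), execs
        # Havoc stage: a few hundred random stacked mutations.
        for _ in range(200):
            if consider(mutate_havoc(rng, entry)):
                return crashes, len(global_edges), execs
    return crashes, len(global_edges), execs


if __name__ == "__main__":
    found, n_edges, n_execs = fuzz(b"\x00" * 8)
    print(f"edges={n_edges} execs={n_execs} crash={found[:1]}")
```

Starting from an all-zero seed, the deterministic stage discovers the magic bytes one at a time because each correct byte opens a new edge, and the length byte then triggers the over-read; without the coverage feedback, hitting a three-byte magic by blind mutation alone would take on the order of 2^24 attempts.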

WinAFL has been successfully used to identify bugs in Windows software, such as:

  • [Microsoft] CVE-2016-7212 – found by Aral Yaman of Noser Engineering AG
  • [Microsoft] CVE-2017-0073, CVE-2017-0190, CVE-2017-11816, CVE-2018-8472 – found by Symeon Paraschoudis
  • [Microsoft] CVE-2018-8494 – found by Guy Inbar (guyio)
  • [Microsoft] CVE-2018-8464 – found by Omri Herscovici of Check Point
  • [Microsoft] CVE-2019-0576 – found by Hardik Shah of McAfee
  • [Adobe] CVE-2018-4985, CVE-2018-5063, CVE-2018-5064, CVE-2018-5065, CVE-2018-5068, CVE-2018-5069, CVE-2018-5070, CVE-2018-12859, CVE-2018-12857, CVE-2018-12839 – found by Yoav Alon and Netanel Ben-Simon from Check Point Software Technologies
  • [Adobe] CVE-2018-12853, CVE-2018-16024, CVE-2018-16023, CVE-2018-15995 – found by Guy Inbar (guyio)
  • [Kollective Kontiki 10.0.1] CVE-2018-11672 – found by Maksim Shudrak from Salesforce
  • [Mozilla] CVE-2018-5177 – found by Guy Inbar (guyio)
  • [libxml2] CVE-2018-14404 – found by Guy Inbar (guyio)

You can read more and download the tool over here: https://github.com/googleprojectzero/winafl
