Prj week 1.md

Prj week 10.md

Prj week 11.md

Prj week 12.md

Prj week 2.md

Prj week 3.md

Prj week 4 - seminar prep.md

Prj week 4.md

Prj week 5.md

Prj week 6.md

Prj week 7.md

Prj week 8.md

Prj week 9.md

content


project brainstorming, what can we do for prj

-server
-client
-router/firewall - pfsense - 2 network ports

3 computers from nmit, + switch, cables, harddrives

-attacker - laptop

-network switch
-cables

have fallbacks to be able to reset 3 computers if they get too infected.

**corp policies around cybersec**

setting up a mock network at home to then perform various attacks on, researching attacks and preventation methods and performing them to show what it can do or what can be lost. could do like before/after - so without any security, protocols, what can happen if a network is attacked.
then after security has been put in place, with the same attacks.
i feel like this is more something that i would develop more as it goes along, especially with testing my own limits of what i can do. still an outline is necessary for proposal.

* your proposal should be clear and concise (3-4 pages maximum) you should address your proposal to the BIT Project Committee as a formal memo style document
* the goal of your project and how you are going to achieve that goal needs to be VERY clearly stated
* make sure that what you are proposing is possible in the time and with the skills you have, i.e. that it is realistic
* to include ALL the costs that you think you might need.

---

cannot do this subject anymore, as its networking related and project must be in the area of my stupid major, software development. looking into some possible topics that i could turn into a project.

 > 
 > application security products that find vulnerabilities in code
 > A cybersecurity analyst detects cyber threats and then implements changes to protect an organization.

 > 
 > To conduct software security testing, it is necessary to establish a baseline so that any future changes can be measured and compared to the original baseline. To accomplish this, it is necessary to develop an attack surface map of the battlefield. It is necessary to define the points of entry into the software, such as the use of HTTP headers or user display forms and the use of run-time arguments because these are attack vectors that an attacker can leverage. In addition, aside from the ingress and egress of data and the numerous methods that a program can employ for input, processing, and output, it is beneficial for the developer to ask, “How will the attacker view the code?” which may provide additional insight to the developer in code review for security purposes.
 > Another tool that can assist developers in mitigating security issues in developed code is the use of vulnerability scanning tools such as Abby Scan, AppScan, and many others listed on the OWASP website (OWASP, n.d.). Once an attack surface map has been created, it is necessary to assign a priority ranking to high-risk areas to identify and address them. Security-conscious programming requires the use of a configuration management process, the establishment of a baseline for program security, and the use of an attack surface map to prioritize the risks that must be addressed.

 > 
 > building a web app to break such simple encryption; later on, move on to complex concepts. Your software interface should have a space for the input text, a drop option to choose the ‘Shift,’ and a space for the output text, which will be the cipher decoded text. The example is shown below:

![](https://www.upgrad.com/blog/wp-content/uploads/2020/10/Untitled-4.jpg)

http://practicalcryptography.com/ciphers/caesar-cipher/

 > 
 > creating your own antivirus. To start the projects, first, you need to define the methods of protection that you’re going to develop, and select platforms that your software will support. For instance, macro-protection for Windows can be written in VBScript

 > 
 > Building a packet sniffer is an opportunity to practice networking and programming skills. You can create a simple packet sniffer in Python with a socket module. After configuring your socket module to capture packets from the network, you’ll write Python scripts to extract those captured packets.

 > 
 > Data recovery skills are vital to cyber incident response, as malware can corrupt, destroy, or manipulate data. [Ransomware attacks](https://www.springboard.com/blog/cybersecurity/common-cybersecurity-terms/) encrypt a victim’s data and demand payment for decrypting the files.
 > Outline a ransomware data recovery procedure to practice data retrieval skills. Focus on restoring the affected systems from a backup. Next, build a plan for using data recovery tools to extract corrupted or deleted data from storage devices.

### Documentation

Robust documentation is necessary to communicate cybersecurity protocols and build effective cybersecurity policies. When conducting risk assessments and audits, cybersecurity professionals must document their methodologies, findings, analyses, and recommendations. Consistent, straightforward documentation of incident response procedures is also necessary to mount a successful cyber incident response.

### Coding 

Programming skills are necessary to detect vulnerabilities, conduct malware analysis, automate security tasks, and remediate cybersecurity risks. Coding is a particularly important skill for mid-level and upper-level cybersecurity professionals, and helps advanced professionals understand system architecture. Coding skills are also central to cryptography. 

### Cryptography

Cybersecurity professionals use cryptography to secure data and communications. In the event of a data breach, this encryption ensures the security of an organization’s private data. To perform cryptography, you’ll need to be able to design algorithms, ciphers, and other security measures that encode and protect sensitive data.

### Network Oversight

Network security encompasses hardware and software protocols. Cybersecurity professionals use networking skills to protect networked systems and ensure reliable, authorized access to applications and data that facilitate key business operations.

### Testing and Identifying Threats

Threat identification is a critical component of any risk management strategy. Common cybersecurity threats include malware, phishing, and ransomware. Penetration tests and vulnerability assessments are used to identify the cybersecurity risks that these threats pose to an organization’s infrastructure. You’ll need testing and threat identification skills to execute security audits and make recommendations for vulnerability remediation

 > 
 > **Hacking a Computer Not Connected to the Internet.**
 > This will scare your classmates, if they don't already know about it, but it's a fact that even when a computer is not connected to the internet, it can transmit data through heat, vibrations, sound, and light. For this project, you will research how a hacker can steal information by means of a smartphone from an "air-gapped" computer not connected to the internet.

* Anomaly detection, intrusion and its prevention
* Stalking threats and instance responding
* Detecting or mitigating compromising indicators
* Intelligence analyzing factors of ethical, privacy and  legal
* Research on relevant Geopolitical Cyber security
* Cyber security data analytics
* Data demonstration, fusion and semantic modeling
* Forecasting models on cyber-attacks and control measures
* Intelligence in cyber threat
* Models that concern Deception and Improbability in cyber-attack acknowledgement
* Visualizing intelligence analysis and investigation techniques
* Cybercrime monetization and orchestration and automating security

 > 
 > practical application: scripted deployment of production instances w/ monitoring/detection suite and caldera on kali, automated operations for applicable abilities and scripted analysis of events/logs/alerts to validate and improve detection reliability.

 > 
 > more literature review/academic: study of the correlation between TTPs identified in attacks and coverage capabilities of popular endpoint/enterprise protection solutions. For bonus points, consider (1) disaggregating the data into key demographic groups like industry/sector, geography, size, etc. and (2) correlating to risk assessment considerations (e.g., which solution results in the greatest impact to risk? which solutions reduce risk the most per dollar spent for a given hypothetical situation?)

 > 
 > using machine learning to identify ransomware threat actors

* Word doc attachment -> opens a new process -> makes network connections
  \>A benign word doc normally shouldn’t be spawning off other processes that make network connections. So they train their model on safe/malicious scenarios, standard ML stuff.

 > 
 > signature based detection and automating a script to do more. Find a manual labor job ids does and try to automate it.

 > 
 > You can implement your own SIEM on your home network using SecOnion Linux distro. All you have to do is tap your network and push some device logs to Kibana and make some dashboards so you can monitor the traffic being logged
 > Well you can develop 400 hours of analytics and visualizations to compliment the setup and you can also perform vulnerability assessments using another device with openVAS installed. You can also install a MS 2019 server for free and configure your end points on the network in Active directory as well / push security policies out as long as the devices you are using have win 10 pro

 > 
 > writing your own honeypot

 > 
 > comparison of 2 SIEMs, their architecture, detection methods , and ease of use.
 > set one up on a vm and the other on physical environment with a hub. Then generate normal traffic and started following the cyber kill chain to generate malicious traffic. Also tested zero-days, phishing, shells, etc...

### Further ideas to research more

* contribute to open source project related to infosec, ir writing a plugin or developing on/improving/making a solution to a problem the application has
* fuzzing, writing your own fuzer or getting one, then using it with some kind of open source stuff and submitting a bug report if abnormal behaviour results.


Prj week 1

I was finishing off my other classes assignment for the start of the week, then continued on with writing my fuzzer.

Still following the projects, they did not work out of the box when writing my own so I had to do a lot of working out errors and finding out the correct ways to format things.
Also referring to the libafl documentation here:
https://docs.rs/libafl/latest/libafl/
This was typed up the week after I should have written it so thats why it lacks detail compared to some of the earlier posts.
Sorry theres no screenshots but I can say over the course of writing the fuzzer from scratch to having a working program, I had about 5 minutes realtime of nonstop scrolling worth of errors in the terminal that I had to figure out and fix.

At the end of this, I finally had a program that would build without errors. I shut my laptop for the week immediately after.


Prj week 10

When I opened my laptop after finishing the build from last week, I tried to run the fuzzer only to find there was more errors.
So I had to go over everything once more and fix up a lot more things to get this thing to actually run. This took quite a bit longer. I'm also writing this a few days after doing it rather than updating the journal at the same time, so it's not going to be indepth.

Once I had finally done (this was during class) I gave the fuzzer a test run and it performed nicely. 

The way it works is that there's two terminal windows you should open, one for doing the fuzzing and one is like an information broker that shows you the details of what it's doing.
To run:
`taskset -c 4 ./fuzzer`
for the broker
`taskset -c 6 ./fuzzer`
for the fuzzer

Once it causes some crashes, those files get generated in the timeouts folder.


Screenshot of it running

I'll also be using GDB to go over those files so I can prove that the correct vulnerability is the cause of crash, thereby achieving my project goal of building a fuzzer to target the CVE-2019-13288.

So to recap, this week I have been updating my journals for the weeks I missed writing about, fixing the fuzzer so it would run successfully, and with the next few days i'll run the corrupted files through GDB to verify the vulnerability, and start writing up my report.

I compiled xpdf again with debug info, so GDB can get a stack trace, at a different folder, since with the fuzzer it compiles xpdf itself within its script.
Commands for gdb:
`gdb --args $HOME/MEGAsync/Lvl7II/rust/xpdf/install/bin/pdftotext $HOME/MEGAsync/Lvl7II/rust/xpdf-fuzz/timeouts/f8ad5203f73dca30 $HOME/MEGAsync/Lvl7II/rust/xpdf-fuzz/output`  
`run`
`bt`

Running the file f8ad5203f73dca30 through GDB shows that it crashes with a segmentation fault. Looking at the backtrace we can see multiple calls to Parser::getObj in it, which confirms the vulnerability.



Prj week 11

First things first, I was advised to try out my corrupted file with a newer version of xpdf, since the vulnerability existed in an older version, I compiled the latest one, not without an hour or so of troubleshooting to get it to compile correctly of course.
Testing out the same file within gdb on the newer install resulted in no segmentation faults, but a large amount of syntax errors instead. See screenshot below.


So reading that, it seems to have been fixed.

This week i've started writing up my project report. on that note there isnt really anything much more i can write in my journal.


Prj week 12

# Notes

Metasploit frameworks have modules that can be used for fuzzing, can look at writing one for use within the toolset
https://www.offensive-security.com/metasploit-unleashed/writing-simple-fuzzer/

or not, cause the codes pretty much already there written. but its a good point to review their code and read explanation of what it does. could look at writing a custom one for use in msf. their libraries are good to use for stuff like that.

* <mark class="blue">see rex text</mark>

https://github.com/rapid7/metasploit-framework/blob/master/lib/rex.rb

https://www.youtube.com/watch?v=BrDujogxYSk&
https://www.youtube.com/user/gamozolabs/videos
video tutorial and fuzzing streams. ik you hate vids but sometimes its good to listen to ppl explain shit

start by programming to test out mutations and get outputs rather than straight up going for a target. see how well it can perform mutating some input. improve speeds by looking at scheduling the inputs for mutation.

two main components, mutations and execution engine
when picking a target try for ones that are built on older code so it has a higher chance or crashing or being buggy, this is what we want, to actually have some results to observe, rather than testing against something well-written that never breaks no matter how much you throw at it.

main function -> setup phase and then fuzzing loop
the loop is the part which will be executing shitloads of times so only code vital to what it needs to do should go in there.
inside the loop we write code for mutating the data, and running the target.

when mutating, start with data that is actually valid and mutate it from there- rather than something random
python has bit flipping? start with: flip a single bit at a time to mutate.
change one letter/number/byte to another. be aware of what the input considers valid (does it only take alphabetical characters?)
may need to write code to set the inputs up and feed them correctly to the target "harnessing"

feedback must be gathered from every input (see AFL's execution feedback)

https://github.com/grimm-co/killerbeez
https://github.com/AFLplusplus/LibAFL
projects that have made fuzzing framework with swappable components

record speeds to observe and cut down on any overheads.

test on svg files. older programs. inkscape?


Prj week 2

## Goals

* [x] Download and set up afl++ fuzzing tools
* [x] <sub>fix laptop bc i upgraded distro and it broke gnome shell</sub>
* [x] work through documentation on their website
* [x] work through tutorials on their website
* [x] research into what programs you can test on
* [x] pick target
* [x] do you know how to use the afl fuzzer?

\*Incomplete goals will be carried on into Week 4.

## Notes

run command: `cargo run`
build fuzzers from their folders: `cargo build --release`

### Crates

LibAFL is composed of different crates. A crate is an individual library in Rust's Cargo build system, that you can use by adding it to your project's `Cargo.toml`

### Corpus

set of inputs for the fuzzing target

### Components

* **State**
  * a container of data that evolves while the fuzzing proceeds. includes the corpus of inputs, current RNG, poetntial metadata of test cases and run. performs actions on individual inputs, taken from the corpus.
    * *Mutatational stage* executes the harness several times in a row, with mutated inputs each time
* **Event Manager**
  * handles events like adding more test cases to the corpus during fuzzing. displays info about events using an instance of Monitor
* **Fuzzer**
  * contains actions that alter the state. uses a Scheduler to serve testcases to the fuzzer
* **Executor**
  * runs the program under test. runs the harness function. takes references to harness, state, event manager
* **Generator**
  * generates a string of printable bytes
* **Observer**
  * records information about the properties of the run and feeds the fuzzer. uses a map to keep track of covered elements. goes in the executor
* **Feedback**
  * part of the state that rates the input to see if it's of interest to add it to the corpus. maintains the cumulative state of information.
    * *Objective feedback* is another kind of feedback which decides if an input is a 'solution', and saves it to solutions (./crashes) other than corpus, when the input has been rated as interesting

## Prog

I can't figure out how to make the other fuzzers run when i tried to compile and run a few that I chose at random out of the fuzzers that were included. I read the individual documentation on them however none of the code works or even the `-help` text that comes along with it. In the frida fuzzers, it tells me the usage but trying tons of options just all gives errors.

Instructions from the readme for frida


using `cargo run` instead because the full command ./frida... turned up red, there was no directory named that





`cargo run` by itself did nothing but display the help text, wanting parameters?



Figured out finally that you have to cd to target/release or target/debug to actually find the fuzzing script that works. then

`./frida_fuzzer -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so`

to run it. but it finishes with 0 executions, so have to figure out more of the arguments it takes to point it to the right path. The harness I see in my directory is just called harness.cc so trying with that arg instead.
I cant do it after trying a lot of options, and the process takes longer than a minute each time i test something out, so its not worth it for me to continue trying with this one.


Anyway, I completed the baby fuzzer and it ran successfully using the random input generator just by itself. The tutorial was not very specific in some parts, and copying in the code snippets often gave errors when trying to run it. I had to work these out for myself as compiler error text wasn't too helpful either. the code needed to be in a specific order and the tutorial also didn't tell you that, but it was able to run and generate crash logs in the folder too. The screenshots had a bit more debug log into printed out on the screen, and mine doesn't, but as far as I can see there is no mention of that in the tutorial either.


The one I wrote generates a bunch of random string characters and iterates through them. When the string matches 'abc', it crashes. The lowest number of executions I saw it take was 300, while the highest was 17,000 until it found the right combo.


3 different crash logs of the string that caused the panic.

The documentation beyond this point is too advanced and very hard to understand with a skim read. I need way way more basic instructions than what it's saying here, but at least doing the baby one has been successful.
Before picking a target, I need to research a lot more into different beginner tutorials to find out what other things than just inputting random numbers and crashing if a combination is reached - that they can do. Specifically on working with program runtimes, or file formats.


Prj week 3

Presentation 1 (near the start of the semester):

* The problem you're working on
* How you are approaching it
* Challenges you're facing

Each presentation should be 3-5 minutes, followed by 2 minutes of questions.

Each presentation is marked out of 5:

* 3 marks for the presentation

* 1 mark for asking a relevant question

* 1 mark for providing a relevant answer to a question.

* find a good slide presentation program for linux

The problem i'm working on right now is how to take the next steps after working through a basic fuzzer that performs random inputs, then triggers a crash when a string of letters is detected together at the start of that input.
I have to get to the next point of being able to write something more complicated, to get into fuzzing something like network protocols, api calls, file parsing, or encryption algos.

**Network protocols**
- this would invovle :

**API**
- this would involve:

**File parsing**
- this would involve:

**Encryption**
- this would involve:

Alternatively, I could use more than one of these approaches, in more than one program. This has yet to be determined and needs more research.

Challenges i'm facing currently are lack of focus and attention span lol. It's hard to sit down and work at this for longer than a couple of hours opposed to in my first couple of years where I could be working on something for like 8 hours straight up.
Also finding relevant starting points for complete beginners since this is something I have only just started to learn about. A lot of documentation and tools out there use fairly technical speak assuming people are somewhat experienced and understand what theyre doing. I need resources that can help me understand what i'm doing as I go. To this end, the documentation on the basic fuzzer I first learnt was the most helpful that i've found so far, as it explained every step of the way, but it's shortcoming was that it didn't cover anything beyond the most simple technique.


Prj week 4 - seminar prep

This week was spent research into things iI could actually do for my fuzzing in this project

* cve vuln database, what sort of fuzzing could trigger a vulnerability.
* we can fuzz input - validation - including attack vectors like sqls and xss
* file parsers - images, videos, audio - see how the application handles the files
* encryption and decryption algorithms? worth looking into a bit more see if its interesting
* APIs. find defects or vulns. everytime i see the word API i forget what it means, idk why i always forget. its like a thing that plugs data into third party stuff to extract certain data from the original thing right.
* network protocols: fuzzing can be used to test network protocols, such as TCP/IP, HTTP, FTP, and SMTP, for vulnerabilities. by sending malformed packets to the protocol's interface, you can find buffer overflows, denial of service (DoS) vulnerabilities, and other security issues. might also be interesting

Was hoping to find a program to target in this weeks stuff but I couldnt find much time to spend on it outside of reading/watching info about fuzzing. things take a suprisingly longer amount of time than you'd imagine.

I also have to prepare for my seminar upcoming next week so taken more time for that this week.

command line programs


Prj week 4

*Disclaimer for the week: nothing is ever simple and you can expect that mostly every step of trying to do something will be filled with errors that you'll have to spend a lot of time figuring out and fixing*

## The Vulnerability

I am going to be fuzzing the program [Xpdf](https://www.xpdfreader.com/index.html), looking to find the vulnerability [CVE-2019-13288](https://www.cvedetails.com/cve/CVE-2019-13288/) from cve details database, described as:
\>In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. ^471700

After trying and failing to build and make the version listed in the vulnerability page, 4.01.04, i went back to an older version - 3.02 which successfully built.
I spent an hour or so playing with it and trying to understand the errors, which I was able to and fix some of them, but others were just a lost cause so I had to decide it wasn't worth my time trying this version anymore.
Had a little bit of issues with making the 3.02 build but I was able to fix them after a while of playing around with the config files, I figured out that I had to specify locations of certain libraries outside of their usual places and feed that into the config before making, and was able to successfully do it.

## Fuzzing

In order to use a program with AFL++, the program needs to have source code available, then to be compiled with one of the compilers that comes with the install. I used the afl clang fast compiler. For later reference, the code to do this is

````
export LLVM_CONFIG="llvm-config-11"
CC=$HOME/AFLplusplus/afl-clang-fast CXX=$HOME/AFLplusplus/afl-clang-fast++ ./configure --prefix="$HOME/MEGAsync/Lvl\ 7\ II/fuzzing_xpdf/install" **path here to source files**
make
make install
````

you also need to make sure you SPELL THE DIRECTORY RIGHT otherwise all your files will go into another place and youll be stuck later wondering why things aren't working and have to spend another hour starting over from scratch once you do find out its a typo.
Also anytime there is a ./configure command, make sure to include `--with-freetype2-includes=/usr/include/freetype2 --with-freetype2-library=/usr/lib/x86_64-linux-gnu `

To get the fuzzer to run on some files, use this command
`afl-fuzz -i $HOME/MEGAsync/Lvl\ 7\ II/fuzzing_xpdf/pdf_examples/ -o $HOME/MEGAsync/Lvl\ 7\ II/fuzzing_xpdf/out/ -s 123 -- $HOME/MEGAsync/Lvl\ 7\ II/fuzzing_xpdf/install/bin/pdftotext @@ $HOME/MEGAsync/Lvl\ 7\ II/fuzzing_xpdf/output`

**-i**  = directory for the input files. this is a few example pdfs i downloaded
**-o** = directory where the fuzzer will store the mutated files
**-s** = the seed to use. because afl uses a non deterministic testing algorithm (diff result each time), using a fixed seed on the tests keeps the results for the runs similar
**--** = the command to use
**@@** = placeholder that AFL substitutes for each input file's name

pdftotext is part of xpdf's tools that comes when you install it.

Screenshot of fuzzer working



## Debugging

Now it's found some crashes, I'll check the out folder for the mutated files and run one through pdftotext.

````
pdftotext id:000000,sig:11,src:000528,time:91864,execs:47928,op:havoc,rep:2 $HOME/MEGAsync/Lvl\ 7\ II/fuzzing_xpdf/output 
Error: PDF file is damaged - attempting to reconstruct xref table...
zsh: segmentation fault  pdftotext id:000000,sig:11,src:000528,time:91864,execs:47928,op:havoc,rep:2 
````

The name of the files is that big long thing starting with id: and ending with rep:2. so thats just using pdftotext, passing the file, and saying the output will be in the path that comes afterwards.

When doing that, it gives a segmentation fault and crashes the program.

To find out why this crash happens, we have to debug it. There's a program called GDB which helps you do this. You just have to install it, and then compile the program using gdb.

* [Documentation for GDB](https://people.cs.pitt.edu/~mosse/gdb-note.html)

output from using gdb:

````
Reading symbols from /home/android66/MEGAsync/Lvl 7 II/fuzzing_xpdf/install/bin/pdftotext...
(gdb) run
Starting program: /home/android66/MEGAsync/Lvl 7 II/fuzzing_xpdf/install/bin/pdftotext /home/android66/MEGAsync/Lvl\ 7\ II/fuzzing_xpdf/out/default/crashes/id:000000,sig:11,src:000528,time:91864,execs:47928,op:havoc,rep:2 /home/android66/MEGAsync/Lvl\ 7\ II//fuzzing_xpdf/output
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Error: PDF file is damaged - attempting to reconstruct xref table...

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7ab638d in _int_malloc (av=av@entry=0x7ffff7bf1c60 <main_arena>, 
    bytes=4) at ./malloc/malloc.c:3979
3979	./malloc/malloc.c: No such file or directory.
(gdb) 
````

using the command bt (backtrace - printing a backtrace of all the active functions on the execution stack, i.e. looking at the functions of the pdftotext program) reveals this

````
#0  0x00007ffff7ab638d in _int_malloc (
    av=av@entry=0x7ffff7bf1c60 <main_arena>, bytes=4) at ./malloc/malloc.c:3979
#1  0x00007ffff7ab789a in __GI___libc_malloc (bytes=<optimized out>)
    at ./malloc/malloc.c:3315
#2  0x000055555562092a in gmalloc (size=4) at gmem.cc:97
#3  0x0000555555620b5d in copyString (s=0x5555565564e4 "obj") at gmem.cc:261
#4  0x00005555555f52e6 in Object::initCmd (this=0x555556556498, 
    cmdA=0x5555565564e4 "obj")
    at /home/android66/MEGAsync/Lvl 7 II/fuzzing_xpdf/xpdf-3.02/xpdf/Object.h:103
#5  0x00005555555f15ff in Lexer::getObj (this=0x5555565564c0, 
    obj=0x555556556498) at Lexer.cc:458
#6  0x00005555555f9e53 in Parser::shift (this=0x555556556470) at Parser.cc:226
#7  0x00005555555f97e9 in Parser::getObj (this=0x555556556470, 
    obj=0x7fffff7ff2a0, fileKey=0x0, encAlgorithm=cryptRC4, keyLength=0, 
    objNum=0, objGen=0) at Parser.cc:108
#8  0x000055555561bcd6 in XRef::fetch (this=0x5555556c22f0, num=7, gen=0, 
    obj=0x7fffff7ff3e0) at XRef.cc:811
#9  0x00005555555f4c22 in Object::fetch (this=0x555556556368, 
    xref=0x5555556c22f0, obj=0x7fffff7ff3e0) at Object.cc:106
#10 0x000055555559b726 in Dict::lookup (this=0x555556556310, 
    key=0x555555643a8f "Length", obj=0x7fffff7ff3e0) at Dict.cc:76
#11 0x00005555555f580d in Object::dictLookup (this=0x7fffff7ff690, 

````

On line 13, function #7, we see Parser::getObj, which matches [ the vulnerability](Prj%20week%205.md#471700) we were looking for.
To be honest I have no idea how exactly an attacker can use this to perform a dos attack. I think I found the section in the program's code that it's referring to, in the file parser.cc line 108 is the first `shift();` in this section.

````
// indirect reference or integer
  } else if (buf1.isInt()) {
    num = buf1.getInt();
    shift();
    if (buf1.isInt() && buf2.isCmd("R")) {
      obj->initRef(num, buf1.getInt());
      shift();
      shift();
    } else {
      obj->initInt(num);
    }
````

## Afterthoughts

While this is great and I found a good repository of guides for using AFL++ on software this week, and also managed to get it working to even detect a known vulnerability, i've been using the fuzzers that are prebuilt in with the AFL++ stuff, rather than the bits and pieces of fuzzers in the LibAfl library, which is a fork of ++, and is the library that can be used to create custom fuzzers.
Having done this and gotten familiar with how it works and the commands to use, I can now start to use LibAfl to stitch together a fuzzer made from scratch to perform the same operations as outlined above.


Prj week 5

## Building last week's task in LibAfl with Rust

This week i'm applying the knowledge and skills I learnt last week with fuzzing the xpdf program in afl++, to building a fuzzer with libafl's custom component library using rust.

the good thing about rust is that it'll just run in terminal rather than needing a code editor program, which is really handy. obviously you can use any notepad app to create the .rs files and write that code, but running commands works anywhere in terminal.
to set up a folder as a rust workspace it's super easy, you need to make a `cargo.toml` file in any folder, as a little template to mark it as a workspace folder. here's a default i found:

````
[workspace]

members = [
    "<rust-project-names-listed-here>",
    "<these-will-be-your-diff-folders>"
]

[profile.release]
lto = true
codegen-units = 1
opt-level = 3
debug = true
````

(dont need to include the \< > around the names)

* `lto=true` :: perform link-time optimizations across all crates within the dependency graph
* `codegen-units=1` :: controls how many “code generation units” a crate will be split into; higher codegen-units **MAY** produce slower code (max value 256)
* `opt-level=3` :: controls the level of optimizations; 3 == “all optimizations”
* `debug=true` :: controls the amount of debug information included in the compiled binary; true == “full debug info”

then in terminal you can write `cargo new project-name` and that'll create another folder inside that workspace and populate it with the files you'll need, which includes .git stuff so its compatible with github.

tried to make a build.rs script to compile xpdf with afl clang again, failed cause couldnt get the directorys and stuff right "error couldnt configure, no file or directory was found". some bullshit. paths were correct. compiling manually rather than needing a complicated script for something that i can do within 10 seconds.

Going back through the tutorial you did a couple weeks ago making that example baby fuzzer will be helpful to refresh memory and understand what rust components, functions, and parts the fuzzer needs to have in its main src code, so read thru that again. and also open your main src file and read the notes in the code.

Going through tutorial at academy.fuzzinglabs.com - "introduction to rust fuzzing"


Prj week 6

This week I was away travelling down the south island to christchurch, as a result I didn't do as much on my project as I would if I was at home. I took my laptop with me and was working through a rust fuzzing tutorial series that I got from Fuzzing Labs Academy, at this link:
https://academy.fuzzinglabs.com/view/courses/introduction-rust-fuzzing/472714-fuzzing-rust-library-using-cargo-fuzz-libfuzzer/1412266-video-complete-step-by-step-tutorial


Prj week 7

This week I got back in Nelson and finished the tutorial series from last week.
I found that it wasn't really ideal towards what I was trying to accomplished, because they were targetting a certain rust library and the fuzzing program the tutor wrote in this series was really simple ( think like one code block worth of code ) he also used tools such as libafl, which I have already covered in a previous week, and it was really quite hard to follow along with because the tutor talked with a thick european accent which I had to have subtitles on to understand so overall it was a poor couple of weeks work doing this.

After that, I started writing the code for the fuzzer itself because I had to get a move on.

I used these two projects as a reference point for a working rust fuzzer

* https://epi052.gitlab.io/notes-to-self/blog/2021-11-01-fuzzing-101-with-libafl/

* https://github.com/AFLplusplus/LibAFL/blob/main/fuzzers/forkserver_simple/src/main.rs

The first one was extremely helpful and guided me a lot during putting together this project. The author went indepth into his explanations of what the different components do, how to use them, and how to put them all together.


Prj week 8

This week I had to take a break from my project because I had another classes assignment due, so I worked on that all week.


prj701

Building last week's task in LibAfl with Rust