Root Cause Analysis With AddressSanitizer (ASan) | Ep. 06

Channel:

Subscribers:

920,000

Published on July 2, 2021 5:16:45 PM ● Video Link: https://www.youtube.com/watch?v=_W3D_0erZ00

Duration: 9:31

29,523 views

Now that we found a crash and got a minimal testcase last episode, we can now try to find the true location of the overflow. ASan is an invaluable tool for that.

Fuzzing Project: https://fuzzing-project.org/tutorial2.html
Grab the files: https://github.com/LiveOverflow/pwnedit
Full Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx

Episode 06:
00:00 - Intro
00:47 - Create sudo ASan build
01:47 - Investigating weird issue
04:14 - Accidentally solving the problem
05:10 - Improve AddressSanitizer Debug Output
06:49 - Interpreting AddressSanitizer Output
07:23 - Triaging More Unique Crashes
08:25 - Plan For Next Steps

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Other Videos By LiveOverflow

2021-09-12	What Ethereum Smart Contract Hacking Looks Like
2021-09-04	Discussing Heap Exploit Strategies for sudo - Ep. 09
2021-08-28	"Controversial Security" // BSides Berlin 2021
2021-08-26	using z3 to reverse a custom hash during a CTF be like #shorts
2021-08-19	can you hack this screenshot service?? - CSCG 2021
2021-08-11	C Code Review - Reaching Vulnerable Code in sudo \| Ep. 08
2021-07-31	DO NOT USE alert(1) for XSS
2021-07-24	Understanding C Pointer Magic Arithmetic \| Ep. 07
2021-07-17	Crazy Steam Phishing Page
2021-07-10	What is a Browser Security Sandbox?! (Learn to Hack Firefox)
2021-07-02	Root Cause Analysis With AddressSanitizer (ASan) \| Ep. 06
2021-06-25	Found a Crash Through Fuzzing? Minimize AFL Testcases! \| Ep. 05
2021-06-18	Understand Security Risk vs. Security Vulnerability!
2021-06-11	Finding Buffer Overflow with Fuzzing \| Ep. 04
2021-06-04	Hacker Culture Meritocracy?
2021-05-22	Troubleshooting AFL Fuzzing Problems \| Ep. 03
2021-05-15	Pentesting vs. Bug Bounty vs. Pentesting ???
2021-05-08	How Fuzzing with AFL works! \| Ep. 02
2021-04-29	Why Pick sudo as Research Target? \| Ep. 01
2021-04-22	How SUDO on Linux was HACKED! // CVE-2021-3156
2021-04-15	How To Protect Your Linux Server From Hackers!

Tags:

ASan

Address Sanitizer

AddressSanitizer

Live Overflow

afl

afl tutorial

american fuzzy lop

asan output

buffer overflow

bug

bug bounty

capture the flag

crash analysis

crash triaging

debug output

exploit tutorial

fuzzer

fuzzing

guided fuzzing

hacking class

hacking tutorial

heap overflow

how to hack

liveoverflow

privilege escalation

root cause

security research

triage