Showing Articles About
fuzzing
- 13 Sep 2023
Guiding black-box CAN fuzzing with electromagnetic side-channel analysis
An electromagnetic side-channel analysis technique is introduced for guiding black-box CAN fuzzing in automotive Electronic Control Units (ECUs). The method helps identify valid CAN message IDs by analyzing electromagnetic emissions during message processing. This approach improves fuzzing effectiveness when detailed system documentation is unavailable.
-
Fabian Beterke - 15 Nov 2019
Prince of the Honeycomb
A critical heap-buffer overflow vulnerability was discovered in Prince XML, a PDF conversion tool used by the Honeycomb application. The vulnerability was found through fuzzing and binary analysis of TIFF image parsing code. By crafting a malicious TIFF file, an attacker could potentially achieve remote command execution when processing specially crafted image files.
- 15 Feb 2019
Ventures into Hyper-V - Fuzzing hypercalls
A technical investigation explored fuzzing Hyper-V hypercalls using a custom kernel driver called Virdian Fuzzer (VIFU). The research systematically tested both documented and undocumented hypercalls in Microsoft's virtualization platform. The project involved complex technical analysis of hypercall mechanisms, address translation, and potential vulnerabilities in the Hyper-V architecture.
- 23 Jan 2019
What the Fuzz
Fuzzing is an automated software testing technique that generates random inputs to identify potential vulnerabilities in programs. The article explores fuzzing fundamentals, including its architecture, different approaches like dumb and smart fuzzing, and a selection of fuzzing tools and recent research. The goal is to provide an overview of fuzzing techniques and their potential for discovering software bugs.
- James Loureiro
- 25 Sep 2017
Biting the Apple that feeds you - macOS Kernel Fuzzing
An automated kernel fuzzing framework was developed for the macOS XNU kernel using an in-memory fuzzer with static and dynamic analysis techniques. The framework targeted core subsystems to identify critical vulnerabilities in macOS. The approach aimed to address the limited existing automated kernel fuzzing solutions for the Apple platform.
- Yong Chuan Koh
- 12 Oct 2016
Fuzzing the Windows kernel
A presentation by Yong Chuan Koh at HITB GSEC 2016 introduced a Python-based fuzzing framework for testing Windows kernel security. The framework is designed to be scalable and extensible for comprehensive kernel vulnerability detection. Presentation slides are available for download from the original source.
- Nils
- 12 Oct 2016
Windows Kernel Fuzzing
A distributed fuzzing technique was developed to target the Windows kernel and identify critical vulnerabilities. The approach focused on generating high-quality test cases to detect potential privilege escalation and sandbox breakout exploits. The fuzzing method scaled across hundreds of CPU cores to systematically assess the kernel's attack surface.
- James Loureiro Georgi Geshev
- 15 Aug 2016
Platform Agnostic Kernel Fuzzing
Platform agnostic kernel fuzzing research developed a method for systematically testing system and library calls across Windows and POSIX kernels. The approach focused on effectively logging crashes, reproducing vulnerabilities, and scaling fuzzing across multiple virtual machines. The research provided a framework for identifying kernel-level bugs through comprehensive and methodical testing.
- Alex Plaskett Georgi Geshev
- 16 Mar 2016
QNX: 99 Problems but a Microkernel ain't one!
This presentation explores security research on the QNX microkernel operating system used in critical systems like automotive and consumer devices. The talk examined QNX's security architecture through reverse engineering and fuzzing techniques. The goal was to provide insights into QNX subsystems and potential attack surfaces for privilege escalation.
- Alex Plaskett Georgi Geshev
- 16 Mar 2016
QNX: Security Architecture Whitepaper
A whitepaper by Alex Plaskett and Georgi Geshev examines the security architecture of QNX, a microkernel operating system. The document explores key operating system features and potential attack vectors against QNX-based platforms. The research identifies security weaknesses and suggests opportunities for further investigation into the QNX platform's security.
- Piotr Osuch
- 15 Nov 2015
EMV Protocol Fuzzer
An EMV protocol fuzzer was developed to evaluate the security of point-of-sale devices and smartcard systems. The fuzzer enables real-time monitoring and modification of EMV communication streams to identify potential vulnerabilities. The tool includes Python interfaces and robotic automation to facilitate comprehensive security testing of financial transaction technologies.
- Nils
- 10 Dec 2014
Faster fuzzing with Python
This article explores performance optimization techniques for executing external processes in Python. By investigating process spawning methods like subprocess, fork, and posix_spawn, the performance of small binary executions was analyzed. The investigation revealed that using posix_spawn with vfork can significantly improve execution speed compared to traditional subprocess methods.
- Nils Jon Butler
- 6 Sep 2013
MWR Labs Pwn2Own 2013 Write-up - Kernel Exploit
A kernel pool overflow vulnerability in Windows 7's Win32k system was demonstrated at Pwn2Own 2013. The exploit involved manipulating message buffer allocations to corrupt kernel memory structures. By carefully controlling message handling and window object properties, kernel-mode code execution was achieved, enabling a sandbox escape in Google Chrome.
- 14 Jul 2011
USB Fuzzing for the Masses
This article explores USB fuzzing techniques for discovering vulnerabilities in device drivers across different platforms. Multiple approaches to USB fuzzing are discussed, including virtualized fuzzing using Qemu and hardware-based fuzzing methods. The research highlights potential security risks in USB device driver implementations, demonstrating techniques for crash debugging and vulnerability exploitation.