back

Fuzz Everything, Everywhere, All at Once

Advanced QEMU-based fuzzing

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:40:43
Language
English
Abstract
The maintainers of the AFLplusplus open-source project show crazy new ways to (ab)use QEMU to explore difficult, binary-only targets through fuzzing.

We present a proof of concept using LibAFL\_qemu to find command and SQL-injections, going beyond the classic fuzzing for memory corruption.

We also showcase how to build a custom fuzzer to test Android libraries without using a phone.

In this talk, the maintainers of the AFLplusplus organization present the QEMU-based instrumentation engines developed as part of AFL++ and LibAFL to fuzz advanced binary-only targets. We discuss our extensions to QEMU, the well-known emulator, to allow high-performance, cross-architecture fuzzing and target instrumentation.

We present LibAFL QEMU, a library that offers convenient APIs to hook the target using Rust.
Unlike other public fuzzers, tools built with LibAFL can scale over cores and machines to find vulnerabilities faster and at a large scale. We showcase how we built a custom fuzzer for a binary-only Android library using this new emulator API for fuzzing that scales to 80+ cores almost linearly, reaching a whopping number of executions per second!

Finally, we demo a proof of concept using LibAFL to find injection vulnerabilities in the binaries, going beyond the typical fuzzing for memory corruptions.

Talk ID
12102
Event:
37c3
Day
2
Room
Saal 1
Start
1:50 p.m.
Duration
00:40:00
Track
Security
Type of
lecture
Speaker
domenukk
andreafioraldi
van Hauser
Dongjia Zhang
Addison Crump
Other Artists
Talk Slug & media link
37c3-12102-fuzz_everything_everywhere_all_at_once
English
0.0% Checking done0.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
100.0% Nothing done yet100.0%
  

Work on this video on Amara!

English: Transcribed until

Last revision: 4 months, 2 weeks ago