Fuzz Everything, Everywhere, All at Once - Advanced QEMU-Based Fuzzing
Offered By: media.ccc.de via YouTube
Course Description
Overview
Explore advanced QEMU-based fuzzing techniques in this 41-minute conference talk from the 37th Chaos Communication Congress (37C3). Dive into the AFLplusplus open-source project's innovative approaches to fuzzing binary-only targets. Learn how to leverage AFL++ and QEMU for discovering command and SQL injections, expanding beyond traditional memory corruption detection. Discover a scalable method for fuzzing binary-only code using LibAFL and QEMU, with a focus on testing Android libraries without physical devices. Gain insights into QEMU-based instrumentation engines, high-performance cross-architecture fuzzing, and target instrumentation. Witness a demonstration of injection vulnerability detection in binaries using AFL++. Explore LibAFL QEMU's convenient APIs for target hooking with Rust, and understand how to build custom fuzzers that scale efficiently across multiple cores and machines for faster vulnerability discovery.
Syllabus
37C3 - Fuzz Everything, Everywhere, All at Once
Taught by
media.ccc.de
Related Courses
Threat Hunting with YaraPluralsight Reverse Engineering 3201: Symbolic Analysis
OpenSecurityTraining2 via Independent Firing Rounds at the Analysis Shooting Gallery - CSAW'16 Security Workshop
New York University (NYU) via YouTube angr: Binary Analysis Framework - Demonstration and Analysis
New York University (NYU) via YouTube Debin: Predicting Debug Information in Stripped Binaries
Association for Computing Machinery (ACM) via YouTube