When Virtualization Encounters AFL: A Portable Virtual Device Fuzzing Framework with AFL

Presented at Black Hat Europe 2016, Nov. 4, 2016, 3:30 p.m. (30 minutes)

As virtualization has been widely adopted by both enterprises and consumers, virtual machine escape attacks have become critical and can no longer be ignored. Because of the nature of virtual devices (device emulation runs at the host level, and the guest can feed a virtual device arbitrary data), they are a large attack surface for achieving virtual machine escape. In fact, among the reported virtual machine escape attacks, attacks on virtual devices account for a large share; the VENOM attack is one example (Reference 8.1).

Several fuzzing methods for virtual devices have been released, including dumping I/O traces and replaying them in the guest OS, and conformance fuzzing that constrains the virtual device to a proper internal state. However, few of them deliberately measure and steer code coverage, and few consider keeping their fuzzing framework portable across different virtualization software.

So what happens when virtual device fuzzing meets AFL? We would like to offer one possible answer. Our portable virtual device fuzzing framework with AFL addresses both challenges: code coverage feedback and portability.
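To make the abstract's point about coverage feedback concrete, here is an added example; it is not code from the talk or from the presenters' framework. It models a constructed toy virtual device (the `ToyDevice` class, its four registers, the `MAGIC` unlock byte and the missing length check are all invented for the demonstration) and drives it with a minimal AFL-style loop: edge ids are computed the way AFL's instrumentation does it (`prev_loc ^ cur_loc`, then `prev_loc = cur_loc >> 1`), and an input is kept in the queue only if it reaches an edge never seen before. A blind fuzzer with the same budget is included for comparison.

```python
# Added illustration, not the talk's code: an AFL-style coverage-guided loop
# against a constructed toy virtual device. Device, registers, magic value and
# bug are all made up for the demonstration.
import random

MAP_SIZE = 1 << 16   # AFL's edge map is 64 KiB; edge ids are masked to it
BUF_SIZE = 256       # host-side buffer the toy DMA engine copies into

class DeviceCrash(Exception):
    """Stands in for a host-side fault (e.g. SIGSEGV) inside the emulator."""

class EdgeCoverage:
    """AFL-style edge id: (prev_loc ^ cur_loc), then prev_loc = cur_loc >> 1."""
    def __init__(self):
        self.edges = set()   # AFL keeps hit counts in a shared bitmap; a set
        self.prev_loc = 0    # of touched edges is enough for this demo
    def hit(self, cur_loc):
        self.edges.add((self.prev_loc ^ cur_loc) & (MAP_SIZE - 1))
        self.prev_loc = cur_loc >> 1

class ToyDevice:
    """Constructed MMIO device: unlock -> enable -> set length -> start DMA."""
    REG_UNLOCK, REG_CTRL, REG_LEN, REG_CMD = 0, 1, 2, 3
    MAGIC = 0x5A   # constructed unlock byte (the kind of gate blind fuzzing misses)
    def __init__(self):
        self.unlocked = self.enabled = False
        self.length = 0
    def mmio_write(self, reg, val, cov):
        cov.hit(0x10)                                   # handler entry
        if reg == self.REG_UNLOCK:
            good = (val & 0xFF) == self.MAGIC
            cov.hit(0x21 if good else 0x22)
            self.unlocked |= good
        elif reg == self.REG_CTRL:
            good = self.unlocked and bool(val & 0x8000)  # ENABLE bit
            cov.hit(0x31 if good else 0x32)
            self.enabled |= good
        elif reg == self.REG_LEN:
            if not self.enabled:                        # ignored while disabled
                cov.hit(0x40)
                return
            cov.hit(0x41 if val > BUF_SIZE else 0x42)   # large vs. small transfer
            self.length = val                           # guest-controlled, unchecked
        elif not (self.enabled and val & 1):            # REG_CMD without START bit
            cov.hit(0x51)
        else:
            cov.hit(0x52)
            if self.length > BUF_SIZE:                  # the missing bounds check
                cov.hit(0x53)
                raise DeviceCrash("DMA length exceeds host buffer")
            cov.hit(0x54)

def run_input(data):
    """Decode data as 3-byte (reg, val16) writes; return (edges, crashed)."""
    dev, cov = ToyDevice(), EdgeCoverage()
    try:
        for i in range(0, len(data) - 2, 3):
            dev.mmio_write(data[i] & 3, data[i + 1] | (data[i + 2] << 8), cov)
    except DeviceCrash:
        return cov.edges, True
    return cov.edges, False

def mutate(rng, data):
    """Three of AFL's havoc mutations: set a byte, flip a bit, append a write."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(3)
        if op == 0:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 1:
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        else:
            buf += bytes(rng.randrange(256) for _ in range(3))
    return bytes(buf)

def guided_fuzz(seed, budget, rng_seed=1):
    """AFL's queue rule: keep every input that reaches a never-seen edge."""
    rng = random.Random(rng_seed)
    queue, seen = [seed], set(run_input(seed)[0])
    for it in range(1, budget + 1):
        cand = mutate(rng, rng.choice(queue))
        edges, crashed = run_input(cand)
        if crashed:
            return cand, it, len(queue)
        if edges - seen:              # new coverage: interesting, keep it
            seen |= edges
            queue.append(cand)
    return None, budget, len(queue)

def blind_fuzz(budget, rng_seed=1):
    """Same budget, no feedback: a fresh random write sequence every run."""
    rng = random.Random(rng_seed)
    for it in range(1, budget + 1):
        cand = bytes(rng.randrange(256) for _ in range(12))
        if run_input(cand)[1]:
            return cand, it
    return None, budget

# Constructed known-bad sequence: unlock, enable, length 511, start DMA.
CRASHING_SEQ = bytes([0, 0x5A, 0, 1, 0, 0x80, 2, 0xFF, 0x01, 3, 1, 0])

if __name__ == "__main__":
    print("guided:", guided_fuzz(bytes(12), 50000), "blind:", blind_fuzz(50000))
```

The four gated states (unlock, enable, large length, start) have to occur in order in one input. The guided loop climbs that chain one step at a time because each step exposes a fresh edge and the input that reached it is kept and mutated further; the blind loop has to hit the whole ordered combination in a single random draw, so with the same budget it usually reports nothing. Real AFL adds hit-count buckets, a dictionary and many more mutation operators, and the talk's framework additionally has to get the coverage map out of the hypervisor's device emulation; none of that is modelled here.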

Presenters:

  • Moony Li - Staff Engineer-Developer, TrendMicro
    Moony Li has seven years of security product development experience. He is the R&D leader of the Sandcastle core engine of the Deep Discovery (DD) product for gateway 0-day exploit detection.
  • Jack Tang - Sr. Staff Engineer-Developer, TrendMicro
    Jack Tang has ten years of anti-malware solution development experience. He is familiar with Windows/Mac kernel technology as well as virtualization technology.
