Finding 0days in Embedded Systems with Code Coverage Guided Fuzzing

Explore advanced techniques for discovering vulnerabilities in embedded systems through code coverage guided fuzzing in this 58-minute conference talk from BruCON Security Conference. Delve into the challenges of applying this trending methodology to embedded devices like network routers and IP cameras. Learn how to overcome obstacles such as closed ecosystems, lack of source code, and limited architecture support. Discover innovative approaches including firmware emulation, a new lightweight dynamic binary instrumentation framework supporting multiple architectures, and a powerful guided fuzzer for binary-only applications. Gain insights into real-world applications, including the discovery of critical 0-day vulnerabilities in popular embedded network devices. Experience a deeply technical yet engaging presentation featuring exciting demonstrations and potential public disclosure of newly discovered bugs.