Explore advanced QEMU-based fuzzing techniques in this 41-minute conference talk from the 37th Chaos Communication Congress (37C3). Dive into the AFLplusplus open-source project's innovative approaches to fuzzing binary-only targets. Learn how to leverage AFL++ and QEMU for discovering command and SQL injections, expanding beyond traditional memory corruption detection. Discover a scalable method for fuzzing binary-only code using LibAFL and QEMU, with a focus on testing Android libraries without physical devices. Gain insights into QEMU-based instrumentation engines, high-performance cross-architecture fuzzing, and target instrumentation. Witness a demonstration of injection vulnerability detection in binaries using AFL++. Explore LibAFL QEMU's convenient APIs for target hooking with Rust, and understand how to build custom fuzzers that scale efficiently across multiple cores and machines for faster vulnerability discovery.
Overview
Syllabus
37C3 - Fuzz Everything, Everywhere, All at Once
Taught by
media.ccc.de