Abstract:
Fuzzing, or fuzz testing, is the process of finding security vulnerabilities in programs by repeatedly feeding them invalid, unexpected, mutated or random inputs. Because the process depends heavily on the target's input interface and execution environment, fuzzing a program with a simple interface, such as command line arguments or files, on a mainstream architecture is straightforward nowadays. But what happens when the target is not a command line program? When it does not run on your machine? When it was built for another architecture, for another OS, or for no OS at all? This can get really tricky, so with NYAF we set out to overcome these difficulties by abstracting away both the execution environment and the input interface.
Description
In this talk I'm going to present NYAF, a multi-platform fuzzer based on emulation and guided by the Generational Search algorithm, first introduced by the well-known SAGE whitebox fuzzer.
The fuzzer's main goal is to detach the program from its natural execution environment (OS/hardware) and analyze it in a more convenient, emulated one, improving its analysis capabilities, scalability and efficiency. This approach helps when fuzzing targets such as IoT devices, embedded systems, firmware and operating systems.
Currently, the fuzzer supports the following architectures and platforms:
Architectures:
ARM32
AArch64
x86
x86_64
Platforms:
Windows
macOS
Linux
UEFI
Bare metal
NYAF is written entirely in Python and can be easily extended to add functionality, support another platform or plug in a custom test case generation method. It relies on two Python frameworks:
Qiling: an advanced binary emulation framework written in pure Python on top of Unicorn Engine, used to emulate the target programs.
Triton: a dynamic binary analysis framework, used to implement the concolic execution that the Generational Search algorithm needs.
The main goal of the talk is to explain, at a high level, the internals of the fuzzer: why it can overcome the difficulties that the different environments impose, and the design decisions needed to reach the fuzzer's goals. The main topics are:
The hardware abstraction: snapshot taking and emulation.
How to recognize a bug during execution.
Efficient test case generation: Generational Search using concolic execution.
Finally, we will walk through a real world use case of the fuzzer to demonstrate the topics discussed above.
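To make the last two topics (bug recognition and Generational Search) concrete, here is an added illustrative example. It is not NYAF's code and uses neither Qiling nor Triton: a minimal Python implementation of the SAGE-style Generational Search loop run against a constructed toy parser. Each branch records a single-byte path predicate, a brute-force per-byte solver stands in for the SMT solver a concolic engine would call, a `Crash` exception stands in for the emulator fault that would flag a bug, and every child input is scored by the number of new blocks it reaches. All names (`Trace`, `target`, `solve`, `generational_search`) and the sample file format are assumptions made for this example.

```python
import heapq
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, List, Optional, Set, Tuple

# A path constraint is the conjunction of byte predicates (index, op, value),
# one per branch executed. Keeping predicates single-byte lets a 256-way brute
# force stand in for the SMT solver a real concolic engine would be handed.
# Everything in this file is constructed for illustration (assumption).
Pred = Tuple[int, str, int]
NEG = {"==": "!=", "!=": "==", "<": ">=", ">=": "<"}
CHECK = {"==": lambda b, v: b == v, "!=": lambda b, v: b != v,
         "<": lambda b, v: b < v, ">=": lambda b, v: b >= v}


class Crash(Exception):
    """Stands in for an emulator fault (e.g. an unmapped memory access), the
    event that the Run&Check step records as a bug."""


class Trace:
    """Records the path constraint and the 'basic blocks' of one concrete run."""

    def __init__(self, data: bytes):
        self.data = data
        self.pc: List[Pred] = []
        self.blocks: Set[str] = set()

    def branch(self, idx: int, op: str, val: int, label: str) -> bool:
        b = self.data[idx] if idx < len(self.data) else 0
        taken = CHECK[op](b, val)
        # Record the predicate that actually held, so pc stays a conjunction.
        self.pc.append((idx, op, val) if taken else (idx, NEG[op], val))
        self.blocks.add(label + ("T" if taken else "F"))
        return taken


def target(t: Trace) -> None:
    """Constructed toy parser: 4-byte magic, a version byte, then a length byte
    whose bound check is wrong. A length >= 0x80 walks past the buffer,
    modelled here as Crash."""
    for i, ch in enumerate(b"NYAF"):
        if not t.branch(i, "==", ch, f"magic{i}"):
            return
    if t.branch(4, "<", 2, "ver"):
        return  # unsupported version, rejected early
    if t.branch(5, ">=", 0x80, "len"):
        raise Crash("length byte >= 0x80 indexes past the buffer")


@dataclass(order=True)
class Input:
    score: int                      # heap key: -(new blocks found); best first
    seq: int                        # tie-breaker: older generation first
    data: bytes = field(compare=False)
    bound: int = field(compare=False)
    pc: List[Pred] = field(compare=False)


def solve(pc: List[Pred], base: bytes) -> Optional[bytes]:
    """Return bytes satisfying every predicate, keeping base's bytes where they
    are unconstrained (SAGE's 'input + I'); None if unsatisfiable."""
    out = bytearray(base)
    by_idx: Dict[int, List[Tuple[str, int]]] = {}
    for idx, op, val in pc:
        by_idx.setdefault(idx, []).append((op, val))
    for idx, preds in by_idx.items():
        out.extend(b"\0" * (idx + 1 - len(out)))
        for cand in [out[idx]] + list(range(256)):  # prefer the current byte
            if all(CHECK[op](cand, val) for op, val in preds):
                out[idx] = cand
                break
        else:
            return None
    return bytes(out)


def run_and_check(data: bytes) -> Tuple[Trace, bool]:
    t = Trace(data)
    try:
        target(t)
        return t, False
    except Crash:
        return t, True


def generational_search(seed: bytes, max_runs: int = 1000):
    """SAGE-style Generational Search. Returns (crashes, covered blocks, runs)."""
    covered: Set[str] = set()
    crashes: List[bytes] = []
    runs = 0
    tick = count()

    def execute(data: bytes, bound: int) -> Input:  # Run&Check + scoring
        nonlocal runs
        runs += 1
        t, crashed = run_and_check(data)
        if crashed:
            crashes.append(data)
        gain = len(t.blocks - covered)  # score: how much new code was reached
        covered.update(t.blocks)
        return Input(-gain, next(tick), data, bound, t.pc)

    worklist = [execute(seed, 0)]
    while worklist and runs < max_runs:
        parent = heapq.heappop(worklist)  # PickFirstElement: highest score
        # ExpandExecution: negate each constraint from parent.bound on, keeping
        # the prefix, so one parent yields a whole generation of children.
        for j in range(parent.bound, len(parent.pc)):
            idx, op, val = parent.pc[j]
            child = solve(parent.pc[:j] + [(idx, NEG[op], val)], parent.data)
            if child is None:
                continue
            # bound = j + 1: this child's descendants never flip constraints
            # at or before j again, which keeps the search from revisiting paths.
            heapq.heappush(worklist, execute(child, j + 1))
    return crashes, covered, runs


if __name__ == "__main__":
    crashes, covered, runs = generational_search(b"\x00" * 8)
    print(f"{runs} runs, {len(covered)} blocks, crashes: {[c.hex() for c in crashes]}")
```

Starting from an all-zero seed, the search reaches the crashing branch in seven executions, one generation per constraint, because each child already carries the prefix that got its parent past the previous check; a purely random mutator would need on the order of 2^32 attempts to guess the magic alone. In a fuzzer built like NYAF the path constraint comes from the concolic engine's symbolic tracking of the input bytes and the crash signal from the emulator; both are replaced here by the toy target.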
Speaker: Gastón Aznarez
"I’m Gastón Aznarez, a 23-year-old enthusiast about computers and security. I started learning about computers just before I finished college, and after that, I started studying Computer Science at FaMAF (National University of Córdoba). Meanwhile, my career as a software developer grew with jobs in different fields like web, mobile, embedded and communication protocols, until I discovered computer security and decided to follow this path, at first with CTFs and reverse engineering but later getting a full-time job in this field. I’m currently working as a Firmware Security Automation Engineer at Eclypsium, finishing my final year project and playing CTFs when I get some time."