Cover Image

Fuzzing Against the Machine Automate Vulnerability Research with Emulated IoT Devices on QEMU / Antonio Nappa, Eduardo Blázquez ; foreword by Nikias Bassen, Dr. Javier López-Gómez.

Find security flaws in any architecture effectively through emulation and fuzzing with QEMU and AFL Purchase of the print or Kindle book includes a free PDF eBook Key Features Understand the vulnerability landscape and useful tools such as QEMU and AFL Explore use cases to find vulnerabilities and e...

Full description

Saved in:
Bibliographic Details
Online Access: Full Text (via O'Reilly/Safari)
Main Authors: Nappa, Antonio (Author), Blázquez, Eduardo (Author)
Other Authors: Bassen, Nikias (writer of foreword.), López-Gómez, Javier (writer of foreword.)
Format: eBook
Language:English
Published: Birmingham : Packt Publishing, Limited, 2023.
Subjects:
Internet of things > Security measures > Research > Methodology.
Fuzzy algorithms.
Fuzzy algorithms
Table of Contents:
  • Cover
  • Title Page
  • Copyright and Credits
  • Dedications
  • Forewords
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Foundations
  • Chapter 1: Who This Book is For
  • Who is this book for?
  • Prerequisites
  • A custom journey
  • Getting a primer
  • The utility belt
  • Ladies and gentlemen, start your engines
  • QEMU basic instrumentation
  • OpenWrt full system emulation
  • Samsung Exynos baseband
  • iOS and Android
  • Summary
  • Chapter 2: History of Emulation
  • What is emulation?
  • Why is emulation needed?
  • Differences between emulation and virtualization
  • Emulation besides QEMU
  • MAME
  • Bochs
  • RetroPie
  • The role of emulation and virtualization in cybersecurity through history
  • Anubis
  • TEMU
  • Ether
  • The Cuckoo sandbox
  • Commercial solutions
  • VirusTotal and Joe Sandbox
  • Summary
  • Chapter 3: QEMU From the Ground
  • Approaching IoT devices with emulation
  • Code structure
  • QEMU emulation
  • QEMU IR
  • A deep-dive into QEMU architecture
  • QEMU extensions and mods
  • A brief example of Avatar2
  • PANDA
  • Summary
  • Part 2: Emulation and Fuzzing
  • Chapter 4: QEMU Execution Modes and Fuzzing
  • QEMU user mode
  • QEMU full-system mode
  • Fuzzing and analysis techniques
  • The Rosetta Stone of program semantics
  • Fuzzing techniques
  • American Fuzzy Lop and American Fuzzy Lop++
  • Advantages of AFL and AFL++ versus my own fuzzer
  • Fuzzing with AFL and AFL++
  • Fuzzing ARM binaries
  • Summary
  • Chapter 5: A Famous Refrain: AFL + QEMU = CVEs
  • Is it so easy to find vulnerabilities?
  • Downloading and installing AFL++
  • Preparing a vulnerable VLC instance
  • VLC exploit
  • Full-system fuzzing
  • introducing TriforceAFL
  • Passing inputs to the guest system
  • Summary
  • Further reading
  • Appendix
  • Chapter 6: Modifying QEMU for Basic Instrumentation
  • Adding a new CPU
  • Emulating an embedded firmware
  • Reverse engineering DMA peripherals
  • Emulating UART with Avatar2 for firmware debugging
  • visualizing output
  • Summary
  • Part 3: Advanced Concepts
  • Chapter 7: Real-Life Case Study: Samsung Exynos Baseband
  • A crash course on mobile phone architecture
  • Baseband
  • Baseband CPU family
  • Application processor and baseband interface
  • A talk with Shannon
  • A note on GSM/3GPP/LTE protocol specifications
  • Setting up FirmWire for vulnerability validation
  • CVE-2020-25279
  • emulator fuzzing
  • CVE-2020-25279
  • OTA exploitation
  • Summary
  • Chapter 8: Case Study: OpenWrt Full-System Fuzzing
  • OpenWrt
  • Building the firmware
  • Testing the firmware in QEMU
  • Extracting and preparing the kernel
  • Fuzzing the kernel
  • Post-crash core dump triaging
  • Summary
  • Chapter 9: Case Study: OpenWrt System Fuzzing for ARM
  • Emulating the ARM architecture to run an OpenWrt system
  • Installing TriforceAFL for ARM
  • Running TriforceAFL in OpenWrt for ARM
  • Obtaining a crash
  • Summary
  • Chapter 10: Finally Here: iOS Full System Fuzzing

Similar Items