Security Alerts & News
by Tymoteusz A. Góral

#1063 Google Project Zero: A year of Windows kernel font fuzzing #2: the techniques
As a software testing technique, fuzzing has a very low entry bar and may be used to achieve satisfying results with little expertise or invested effort. However, it is still not a silver bullet in vulnerability hunting, and there are many stages which may require careful configuration or individual tailoring for a specific target or file format, especially for non-trivial targets such as closed-source operating system kernels. In this post, we have demonstrated how we attempted to enhance the process of Windows kernel font fuzzing to the maximum extent within the available time resources. We especially put a lot of energy into mutating, generating and exercising the inputs in a decently effective way, and into scaling the fuzzing process to thousands of machines, through the development of a dedicated Bochs instrumentation and aggressive optimization of the operating system. The outcome of the work, in the form of 16 high-severity vulnerabilities, has shown that the techniques were effective and improved upon previous work.

Considering how much potential fuzzing has and how broad the subject is, we look forward to seeing it grow further and be used to accomplish even more impressive effects, while ceasing to be perceived as a voodoo technique which "just works" regardless of the technical details behind it. In the upcoming weeks and months, we are also planning to share more of our experience and thoughts in this field.
#1066 Lenovo scrambling to get a fix for BIOS vulnerability
#1065 A Chinese ad firm is using malware to get more clicks
#1064 Espionage toolkit targeting central and eastern Europe uncovered
#1063 Google Project Zero: A year of Windows kernel font fuzzing #2: the techniques
#1062 How China took center stage in Bitcoin’s civil war