Fuzzing against the machine : automate vulnerability research with emulated IoT devices on Qemu

Fuzzing against the machine automate vulnerability research with emulated IoT devices on Qemu

Find security flaws in any architecture effectively through emulation and fuzzing with QEMU and AFL Purchase of the print or Kindle book includes a free PDF eBook Key Features Understand the vulnerability landscape and useful tools such as QEMU and AFL Explore use cases to find vulnerabilities and e...

Descripción completa

Detalles Bibliográficos
Otros Autores: Nappa, Antonio, author (author), Blázquez, Eduardo, author
Formato: Libro electrónico
Idioma:Inglés
Publicado: Birmingham, England : Packt Publishing [2023]
Edición:1st ed
Materias:
Internet of things > Security measures > Research > Methodology.
Fuzzy algorithms.
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009743439806719
Tabla de Contenidos:
  • Cover
  • Title Page
  • Copyright and Credits
  • Dedications
  • Forewords
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Foundations
  • Chapter 1: Who This Book is For
  • Who is this book for?
  • Prerequisites
  • A custom journey
  • Getting a primer
  • The utility belt
  • Ladies and gentlemen, start your engines
  • QEMU basic instrumentation
  • OpenWrt full system emulation
  • Samsung Exynos baseband
  • iOS and Android
  • Summary
  • Chapter 2: History of Emulation
  • What is emulation?
  • Why is emulation needed?
  • Differences between emulation and virtualization
  • Emulation besides QEMU
  • MAME
  • Bochs
  • RetroPie
  • The role of emulation and virtualization in cybersecurity through history
  • Anubis
  • TEMU
  • Ether
  • The Cuckoo sandbox
  • Commercial solutions - VirusTotal and Joe Sandbox
  • Summary
  • Chapter 3: QEMU From the Ground
  • Approaching IoT devices with emulation
  • Code structure
  • QEMU emulation
  • QEMU IR
  • A deep-dive into QEMU architecture
  • QEMU extensions and mods
  • A brief example of Avatar2
  • PANDA
  • Summary
  • Part 2: Emulation and Fuzzing
  • Chapter 4: QEMU Execution Modes and Fuzzing
  • QEMU user mode
  • QEMU full-system mode
  • Fuzzing and analysis techniques
  • The Rosetta Stone of program semantics
  • Fuzzing techniques
  • American Fuzzy Lop and American Fuzzy Lop++
  • Advantages of AFL and AFL++ versus my own fuzzer
  • Fuzzing with AFL and AFL++
  • Fuzzing ARM binaries
  • Summary
  • Chapter 5: A Famous Refrain: AFL + QEMU = CVEs
  • Is it so easy to find vulnerabilities?
  • Downloading and installing AFL++
  • Preparing a vulnerable VLC instance
  • VLC exploit
  • Full-system fuzzing - introducing TriforceAFL
  • Passing inputs to the guest system
  • Summary
  • Further reading
  • Appendix
  • Chapter 6: Modifying QEMU for Basic Instrumentation
  • Adding a new CPU
  • Emulating an embedded firmware.
  • Reverse engineering DMA peripherals
  • Emulating UART with Avatar2 for firmware debugging - visualizing output
  • Summary
  • Part 3: Advanced Concepts
  • Chapter 7: Real-Life Case Study: Samsung Exynos Baseband
  • A crash course on mobile phone architecture
  • Baseband
  • Baseband CPU family
  • Application processor and baseband interface
  • A talk with Shannon
  • A note on GSM/3GPP/LTE protocol specifications
  • Setting up FirmWire for vulnerability validation
  • CVE-2020-25279 - emulator fuzzing
  • CVE-2020-25279 - OTA exploitation
  • Summary
  • Chapter 8: Case Study: OpenWrt Full-System Fuzzing
  • OpenWrt
  • Building the firmware
  • Testing the firmware in QEMU
  • Extracting and preparing the kernel
  • Fuzzing the kernel
  • Post-crash core dump triaging
  • Summary
  • Chapter 9: Case Study: OpenWrt System Fuzzing for ARM
  • Emulating the ARM architecture to run an OpenWrt system
  • Installing TriforceAFL for ARM
  • Running TriforceAFL in OpenWrt for ARM
  • Obtaining a crash
  • Summary
  • Chapter 10: Finally Here: iOS Full System Fuzzing
  • A brief history of iOS emulation
  • iOS basics
  • What it takes to boot iOS
  • Code signatures
  • Plist files and entitlements
  • Binaries compilation
  • IPSW formats and research kernels
  • Setting up an iOS emulator
  • Preparing the environment
  • Building the emulator
  • Boot prepping
  • Booting iOS in QEMU
  • Preparing your harness to start fuzzing
  • Triforce's driver mod for iOS
  • Summary
  • Chapter 11: Deus Ex Machina: Fuzzing Android Libraries
  • Introducing the Android OS and its architecture
  • The Android architecture
  • Fuzzing Android libraries with Sloth
  • Introducing Sloth's mechanisms
  • Introducing AFL coverage
  • Running the ELF linker
  • Running LibFuzzer
  • Addressing issues with the Sloth fuzzing method
  • Running Sloth
  • Summary
  • Chapter 12: Conclusion and Final Remarks
  • Index.
  • Other Books You May Enjoy.

Ejemplares similares