Limit search to available items
Book Cover
E-book
Author Nappa, Antonio, author

Title Fuzzing Against the Machine Automate Vulnerability Research with Emulated IoT Devices on QEMU / Antonio Nappa, Eduardo Blázquez ; foreword by Nikias Bassen, Dr. Javier López-Gómez
Published Birmingham : Packt Publishing, Limited, 2023

Copies

Description 1 online resource (238 p.)
Contents Cover -- Title Page -- Copyright and Credits -- Dedications -- Forewords -- Contributors -- Table of Contents -- Preface -- Part 1: Foundations -- Chapter 1: Who This Book is For -- Who is this book for? -- Prerequisites -- A custom journey -- Getting a primer -- The utility belt -- Ladies and gentlemen, start your engines -- QEMU basic instrumentation -- OpenWrt full system emulation -- Samsung Exynos baseband -- iOS and Android -- Summary -- Chapter 2: History of Emulation -- What is emulation? -- Why is emulation needed? -- Differences between emulation and virtualization
Emulation besides QEMU -- MAME -- Bochs -- RetroPie -- The role of emulation and virtualization in cybersecurity through history -- Anubis -- TEMU -- Ether -- The Cuckoo sandbox -- Commercial solutions -- VirusTotal and Joe Sandbox -- Summary -- Chapter 3: QEMU From the Ground -- Approaching IoT devices with emulation -- Code structure -- QEMU emulation -- QEMU IR -- A deep-dive into QEMU architecture -- QEMU extensions and mods -- A brief example of Avatar2 -- PANDA -- Summary -- Part 2: Emulation and Fuzzing -- Chapter 4: QEMU Execution Modes and Fuzzing -- QEMU user mode
QEMU full-system mode -- Fuzzing and analysis techniques -- The Rosetta Stone of program semantics -- Fuzzing techniques -- American Fuzzy Lop and American Fuzzy Lop++ -- Advantages of AFL and AFL++ versus my own fuzzer -- Fuzzing with AFL and AFL++ -- Fuzzing ARM binaries -- Summary -- Chapter 5: A Famous Refrain: AFL + QEMU = CVEs -- Is it so easy to find vulnerabilities? -- Downloading and installing AFL++ -- Preparing a vulnerable VLC instance -- VLC exploit -- Full-system fuzzing -- introducing TriforceAFL -- Passing inputs to the guest system -- Summary -- Further reading -- Appendix
Chapter 6: Modifying QEMU for Basic Instrumentation -- Adding a new CPU -- Emulating an embedded firmware -- Reverse engineering DMA peripherals -- Emulating UART with Avatar2 for firmware debugging -- visualizing output -- Summary -- Part 3: Advanced Concepts -- Chapter 7: Real-Life Case Study: Samsung Exynos Baseband -- A crash course on mobile phone architecture -- Baseband -- Baseband CPU family -- Application processor and baseband interface -- A talk with Shannon -- A note on GSM/3GPP/LTE protocol specifications -- Setting up FirmWire for vulnerability validation
CVE-2020-25279 -- emulator fuzzing -- CVE-2020-25279 -- OTA exploitation -- Summary -- Chapter 8: Case Study: OpenWrt Full-System Fuzzing -- OpenWrt -- Building the firmware -- Testing the firmware in QEMU -- Extracting and preparing the kernel -- Fuzzing the kernel -- Post-crash core dump triaging -- Summary -- Chapter 9: Case Study: OpenWrt System Fuzzing for ARM -- Emulating the ARM architecture to run an OpenWrt system -- Installing TriforceAFL for ARM -- Running TriforceAFL in OpenWrt for ARM -- Obtaining a crash -- Summary -- Chapter 10: Finally Here: iOS Full System Fuzzing
Summary Find security flaws in any architecture effectively through emulation and fuzzing with QEMU and AFL Purchase of the print or Kindle book includes a free PDF eBook Key Features Understand the vulnerability landscape and useful tools such as QEMU and AFL Explore use cases to find vulnerabilities and execute unknown firmware Create your own firmware emulation and fuzzing environment to discover vulnerabilities Book Description Emulation and fuzzing are among the many techniques that can be used to improve cybersecurity; however, utilizing these efficiently can be tricky. Fuzzing Against the Machine is your hands-on guide to understanding how these powerful tools and techniques work. Using a variety of real-world use cases and practical examples, this book helps you grasp the fundamental concepts of fuzzing and emulation along with advanced vulnerability research, providing you with the tools and skills needed to find security flaws in your software. The book begins by introducing you to two open source fuzzer engines: QEMU, which allows you to run software for whatever architecture you can think of, and American fuzzy lop (AFL) and its improved version AFL++. You'll learn to combine these powerful tools to create your own emulation and fuzzing environment and then use it to discover vulnerabilities in various systems, such as iOS, Android, and Samsung's Mobile Baseband software, Shannon. After reading the introductions and setting up your environment, you'll be able to dive into whichever chapter you want, although the topics gradually become more advanced as the book progresses. By the end of this book, you'll have gained the skills, knowledge, and practice required to find flaws in any firmware by emulating and fuzzing it with QEMU and several fuzzing engines. What you will learn Understand the difference between emulation and virtualization Discover the importance of emulation and fuzzing in cybersecurity Get to grips with fuzzing an entire operating system Discover how to inject a fuzzer into proprietary firmware Know the difference between static and dynamic fuzzing Look into combining QEMU with AFL and AFL++ Explore Fuzz peripherals such as modems Find out how to identify vulnerabilities in OpenWrt Who this book is for This book is for security researchers, security professionals, embedded firmware engineers, and embedded software professionals. Learners interested in emulation, as well as software engineers interested in vulnerability research and exploitation, software testing, and embedded software development will also find it useful. The book assumes basic knowledge of programming (C and Python); operating systems (Linux and macOS); and the use of Linux shell, compilation, and debugging
Notes Description based upon print version of record
A brief history of iOS emulation
Subject Internet of things -- Security measures -- Research -- Methodology
Fuzzy algorithms.
Fuzzy algorithms.
Form Electronic book
Author Blázquez, Eduardo, author
Bassen, Nikias, writer of foreword
López-Gómez, Javier, writer of foreword
ISBN 9781804614228
180461422X