Fuzzing Against The Machine: Automate vulnerability research with emulated IoT devices on Qemu

Book Description

Emulation and fuzzing are amongst the many techniques that are in use for cybersecurity, but how to use these techniques?

Fuzzing against the machine is a hands-on guide that will take you through the “how” of these powerful tools and techniques. Using a variety of real-world use cases and practical examples, you’ll be taken from an overview of the fundamental concepts of fuzzing and emulation to advanced vulnerability research, giving you the tools and skills, you need to find the security flaws in your software.

This book starts with an introduction to Qemu, a tool that allows you to run software for whatever architecture you can think of, and American fuzzy lop (AFL) and it’s improved version AFL++, free and open source famous fuzzer engines. You’ll combine these powerful tools to create your own emulation and fuzzing environment and then use it to discover vulnerabilities in systems such as iOS, Android and Samsung’s Mobile Baseband software, Shannon. Once you’ve read the introductions and set up your environment you will get flexibility to dive into whichever chapter you want, although they get steadily more advanced as the book progresses.

By the end of the book, you’ll have the skills, knowledge, and practice required to find the flaws in any firmware by emulating and fuzzing it with Qemu and several fuzzing engines.