Pandas and Rabbits: Xen Meets American Fuzzy Lop, presented at BSides Wellington 2017

by Matthew Daley

Summary: Xen is an open-source hypervisor that powers some of the world's biggest public and private cloud infrastructure, such as Amazon's EC2 and Rackspace Cloud.
American Fuzzy Lop is an open-source fuzzing tool that has found vulnerabilities in tons of software, such as OpenSSL, PHP, Internet Explorer and Android.
Fuzzing programs that handle discrete sources of data, such as files and network connections, is straightforward, but how can we integrate AFL with a hypervisor like Xen to find bugs? In addition, how can we turn any bugs we find into exploits that break out of a virtual machine and gain access to the entire physical host?
Come and find out what goes on beneath your virtualised operating system as I describe the process of finding and exploiting bugs in Xen through fuzzing with AFL. You'll learn about paravirtualisation, hypercalls, page tables, ring buffers, Qubes, and what happens when you accidentally replace every process on a system with an instance of Python.