Bugs on the Windshield: Fuzzing the Windows Kernel presented at BlueHatIL 2020

by Netanel Alon,

URL : https://youtu.be/-BkjkimINC8

Summary : The mere existence of fuzzers is not breaking news, as they’ve been around for more than two decades. The big news is that fuzzers have grown up. They’ve become more capable, more accessible, and overall more mature.

This talk describes a new approach for coverage-guided grammar fuzzing of the Windows kernel, and enhancements to the known approaches for fuzzing Windows applications. Our research picks up where our last one ended (where we squeezed WinAFL to get 50 CVEs in 50 days from Adobe), making our way from userspace to ring0.

We utilized a state-of-the-art Linux syscall fuzzer (Syzkaller) to hunt for bugs in the Windows kernel. We did this by targeting the Windows Subsystem for Linux (WSL) and then going straight to win32k, resulting in a handful of vulnerabilities.

We’ll share our experiences from the trenches of fuzzing Windows, triaging the bugs from the vulnerabilities, and being acknowledged in the MSRC Top 100 (all bounty payments are donated).