vUSBf – QEMU/KVM USB-Fuzzing framework

vusbf-Framework: A KVM/QEMU based USB-fuzzing framework.
Sergej Schumilo, OpenSource Security Spenneberg 2015
Version: 0.2

A USB-fuzzer which takes advantage of massive usage of virtual machines and also offers high reproducibility. This framework was initially released at Black Hat Europe 2014. This software is licensed under GPLv2. vUSBf was written in Python 2 and requires the Scapy framework. This framework provides:
* USB-fuzzing in practical time frames
* multiprocessing and clustering
* export sequences of payloads and replay them for debugging or investigation
* XML-based dynamic testcase generation
* expandable by writing new testcases, USB-emulators or monitoring-modules

https://github.com/schumilo/vUSBf

R00tkitSMM’s new Win32k.sys fuzzer

R00tkitSMM has created a Windows win32k.sys fuzzer project called Win32k-Fuzzer:

Fuzz and Detect “Use After Free” vulnerability in win32k.sys (Heap based)

“Win32k.sys for Windows is like Java for internet.”

https://github.com/Rootkitsmm/Win32k-Fuzzer

tlsfuzzer announced

Hubert Kario of Red Hat announced a new tool on the OSS-security list today. The tool, ‘tlsfuzzer’, is for reproducing, testing and (in the future) automatically finding issues in TLS implementations.

I’m looking forward to seeing if this can help test Tianocore’s HTTPS support, when TLS is added. 🙂

https://github.com/tomato42/tlsfuzzer/blob/master/docs/ruxcon2015-kario-slides.pdf
https://github.com/tomato42/tlsfuzzer

For more information, see the full post on the OSS-security list.