To know more about the making of the book: click on the whiteboard
This is the code repository for Fuzzing Against the Machine, published by Packt.
For the Docker Images please refer to this link Filesystem Images They are pretty large. Be patient
Automate vulnerability research with emulated IoT devices on QEMU
This book covers the following exciting features:
- Understand the difference between emulation and virtualization
- Discover the importance of emulation and fuzzing in cybersecurity
- Get to grips with fuzzing an entire operating system
- Discover how to inject a fuzzer into proprietary firmware
- Know the difference between static and dynamic fuzzing
- Look into combining QEMU with AFL and AFL++
- Explore Fuzz peripherals such as modems
- Find out how to identify vulnerabilities in OpenWrt
If you feel this book is for you, get your copy today!
All of the code is organized into folders. For example, Chapter_4.
The code will look like the following:
#include <stdio.h>
int main() {
printf("Hello, qemu fans!\n");
return 0;
}
Following is what you need for this book: This book is for security researchers, security professionals, embedded firmware engineers, and embedded software professionals. Learners interested in emulation, as well as software engineers interested in vulnerability research and exploitation, software testing, and embedded software development will also find it useful. The book assumes basic knowledge of programming (C and Python); operating systems (Linux and macOS); and the use of Linux shell, compilation, and debugging.
With the following software and hardware list you can run all code files present in the book (Chapter 1-12).
| Chapter | Software required | OS required |
|---|---|---|
| 1-12 | QEMU | Arch, Debian/Ubuntu, RHEL/CentOS, and SUSE |
| 1-12 | AFL/AFL++ | Arch, Debian/Ubuntu, RHEL/CentOS, and SUSE |
| 1-12 | Ghidra | Arch, Debian/Ubuntu, RHEL/CentOS, and SUSE |
| 1-12 | Avatar2 | Arch, Debian/Ubuntu, RHEL/CentOS, and SUSE |
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. Click here to download it.
Antonio Nappa is the Application Analysis Team Leader at Zimperium Inc. He has been in the cybersecurity game since 17 years old. He holds a PhD in Software and Systems from the Madrid Institute of Advanced Studies. He has been a visiting scholar at UC Berkeley. His contributions have been published and recognized in international peer-reviewed venues. Since the DEFCON 2008 Finals, he never goes to sleep with a segfault.
Eduardo Blázquez is a PhD student of the University Carlos III of Madrid. He has been working in the cybersecurity area since 2017, with interests in Reverse Engineering and Malware Analysis. Currently, he is doing a PhD thesis about Android Security, but in his spare time he likes to study different topics like program analysis or operating system internals, and from time to time he likes to play different wargames about software exploitation.
If you have already purchased a print or Kindle version of this book, you can get a DRM-free PDF version at no cost.
Simply click on the link to claim your free PDF.