Fuzz testing, or fuzzing, is a commonly used technique for discovering bugs in software, and is useful in many different domains. However, the task of configuring a target to be fuzzed can be a laborious one, often involving refactoring large code bases to enable fuzz testing. Today we are happy to announce Snapchange, a new open source project to make snapshot-based fuzzing much easier. Snapchange enables a target binary to be fuzzed with minimal modifications, providing useful introspection that aids in fuzzing.

Snapchange is a Rust framework for building fuzzers that replay physical memory snapshots in order to increase efficiency and reduce complexity in fuzzing many types of targets. Snapchange utilizes the features of the Linux kernel's built-in virtual machine manager, known as the kernel virtual machine or KVM. While Snapchange is agnostic to the target operating system, the included snapshot mechanism focuses on Linux-based targets for gathering the necessary debug information.

Snapchange started as an experiment by the AWS Find and Fix (F2) open source security research team to explore the potential of using KVM to enable snapshot fuzzing. Snapshot fuzzing is a growing area of interest and experimentation among security researchers. Snapchange has now grown into a project that aims to provide a friendly experience for researchers and developers to experiment with snapshot fuzzing. Snapchange is one of a number of tools and techniques used by the F2 team in its research efforts aimed at creating a secure and trustworthy open source supply chain for AWS and its customers. We have found it sufficiently useful that we are sharing it with the broader research community.

Snapchange is available today under the Apache License 2.0 via GitHub. The AWS F2 team is actively supporting Snapchange and has plans for new features, but we hope to engage the security research community to produce a more richly featured and robust tool over the longer term. We welcome pull requests on GitHub and look forward to discussions that help enable future research via the project. In this blog post we'll walk through a set of tutorials you'll find in the repository to help provide a deeper understanding of Snapchange.

Note: Snapchange operates within a Linux operating system but requires direct access to the underlying KVM primitives. Thus, it is compatible with EC2 bare metal instance types, which run without a hypervisor, but not with EC2 virtualized instances. While we provide an EC2 AMI to make it easier to get started by launching on a bare metal instance (more information on that is provided below), users are free to run Snapchange in other environments that meet the basic hardware requirements.

What is snapshot fuzzing?

Fuzzing uncovers software issues by monitoring how the system behaves while processing data, especially data provided as an input to the system.
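As an added illustration of the snapshot-replay loop described above (this is not Snapchange's own code or API), the sketch below simulates guest physical memory as a flat buffer with a page-granular dirty log standing in for KVM's, takes one full snapshot, and resets only the dirty pages between iterations; the target is a constructed toy that "crashes" once the input overruns an 8-byte buffer.

```rust
// Added illustration (not Snapchange's code): the snapshot/restore loop that
// snapshot fuzzing is built on. The dirty log stands in for KVM's dirty-page log.
const PAGE_SIZE: usize = 4096;
pub struct Guest { pub mem: Vec<u8>, pub dirty: Vec<bool> }
impl Guest {
    pub fn new(pages: usize) -> Self {
        Guest { mem: vec![0; pages * PAGE_SIZE], dirty: vec![false; pages] }
    }
    /// Guest-side write: every page touched is marked dirty.
    pub fn write(&mut self, addr: usize, data: &[u8]) {
        for (i, b) in data.iter().enumerate() {
            self.mem[addr + i] = *b;
            self.dirty[(addr + i) / PAGE_SIZE] = true;
        }
    }
    /// Reset to the snapshot by copying back only dirty pages; returns the
    /// number of pages copied, which is the real per-iteration cost.
    pub fn restore(&mut self, snapshot: &[u8]) -> usize {
        let mut restored = 0;
        for (page, dirty) in self.dirty.iter_mut().enumerate() {
            if *dirty {
                let range = page * PAGE_SIZE..(page + 1) * PAGE_SIZE;
                self.mem[range.clone()].copy_from_slice(&snapshot[range]);
                *dirty = false;
                restored += 1;
            }
        }
        restored
    }
}
/// Constructed toy target: copies the input into an 8-byte buffer at the start
/// of page 1 and "crashes" (returns true) once the copy overruns that buffer.
pub fn run_target(guest: &mut Guest, input: &[u8]) -> bool {
    guest.write(PAGE_SIZE, input);
    input.len() > 8
}
/// Snapshot once, then mutate / run / restore per iteration. Returns the first
/// crashing input (if any) and the total pages restored across the campaign.
pub fn fuzz(iterations: usize) -> (Option<Vec<u8>>, usize) {
    let mut guest = Guest::new(4);
    let snapshot = guest.mem.clone(); // full copy taken exactly once
    let mut input = vec![b'A'; 4];
    let mut restored_total = 0;
    for _ in 0..iterations {
        if run_target(&mut guest, &input) { return (Some(input), restored_total); }
        restored_total += guest.restore(&snapshot); // cheap reset: dirty pages only
        input.push(b'A'); // trivial mutation: grow the input by one byte
    }
    (None, restored_total)
}
```

Each iteration restores a single 4 KiB page rather than the whole 16 KiB guest, which is the saving that grows with target size on a real snapshot.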