Google engineer demonstrates & releases open source fuzzing tool

Hacker From Google Ports Windows Defender To Linux To Demonstrate New Tools Capabilities

Windows being the  de facto operating system of the world is also a hot bed for security research. Microsoft has for years had a system where researchers could notify the company of new exploits – termed zero-day exploits – to patch the same. These exploits at times throw up interesting research just like Tavis Ormandy has done recently with his fuzzing tool.

Fuzz Testing

Fuzz testing or fuzzing is a software testing approach wherein invalid or unexpected data is fed to a computer program that is then monitored for unexpected behavior such as crashes or memory leaks. The technique that Ormandy has worked on is in the domain of vulnerability scanning by injecting data directly into a DLL file ( a Windows file format ). Fuzzing however, is better utilized on Linux since the open-source OS is gifted with better tools to deal with interconnected components – the lack of which makes the process much more complicated on Windows.

“Distributed, scalable fuzzing on Windows can be challenging and inefficient. This is especially true for endpoint security products, which use complex interconnected components that span across kernel and user space. This often requires spinning up an entire virtualized Windows environment to fuzz them or collect coverage data,” Ormandy explains.

The Development

Therefore, Ormandy developed a tool for Linux that included a library that was capable of loading and running functions from a Windows DLL file. He has put together a demo of this tool – which also required him to port Windows Defender  – the default anti-virus on Windows 8.1 onward onto Linux. Ormandy has provided a detailed explanation of his tool along with details of the demo involving Windows Defender stating, “The intention is to allow scalable and efficient fuzzing of self-contained Windows libraries on Linux. Good candidates might be video codecs, decompression libraries, virus scanners, image decoders, and so on.”

mpengine.dll, which is a core component of the Malware Protection Engine, also known as MsMpEng, is one of the primary targets of exploits and therefore bringing it onto Linux for fuzzing enabled him to examine it for possible vulnerabilities – explains the Google security researcher. You can check out the demo for yourself here.

Source: Softpedia

Delwyn Pinto
Delwyn Pinto
A person proud to have an alternate view


Please enter your comment!
Please enter your name here

Read More

Suggested Post