Abstract

Modern fuzzing techniques, including code-coverage-driven fuzzing, syntax (grammar) description, the combination of passive and active fuzzing, and others, are well proven.
At Black Hat Europe 2018 I introduced PanicXNU v1, a smart active fuzzer for macOS syscalls based on Google's syzkaller. In this talk I introduce PanicXNU v3, the new version of my smart fuzzer, which adds support for smart IOKit fuzzing and passive fuzzing. Using PanicXNU, I have already found more than 60 unique kernel crashes and received several CVEs, including 2 for macOS in Pwn2Own.
This talk will cover:

Syscall fuzzing.
Active IOKit fuzzing.
Passive IOKit fuzzing.
Fuzzing visualization.

The project's mission is to smart-fuzz every corner of the Apple kernel.

Slides