Last week I announced that I’m planning to do a video/blog series showing how to find and exploit vulnerabilities. I hope that by trying this from scratch on a target I’ve never properly attempted before, I can share some of what I’ve learned in the past couple years of vulnerability research training.

I’d also like to show the power of a new fuzzing technique called structure-aware fuzzing. It’s nothing entirely groundbreaking in the realm of fuzzing and security research, but it combines many great ideas from program analysis (QuickCheck-style property-based generation, coverage-guided fuzzing, in-process fuzzing).

I asked you all which targets you would find interesting. Thanks to everyone who made a recommendation! I went ahead and grouped the suggested targets by category, then filled the list out with a few more options off the top of my head.

Type                              Target(s)
--------------------------------  ------------------------------------
Virtual Machines                  VirtualBox, VMware, Parallels, KVM
Critical Internet Infrastructure  Nginx, sshd, gnupg, openssl
Kernels                           Linux, BSD (PS3, PS4)
Game Consoles                     3DS, Switch, PS3, PS4
Scripting Languages               PHP, Python, Ruby, JS
Console Emulators                 Project64, VBA, Citra
Mobile OS                         iOS, Android, AVB2.0
Linux Userland                    setuid/IPC binaries
Browsers                          Chrome, Firefox, Edge
Libraries                         File format parsers

Looking at the above list, it’s basically all interesting, and I could definitely see demonstrating some research on every one of these categories. Having done browsers before and currently researching iOS (as part of my day job), I think simply starting with VMs would be an interesting first step. There have been many attacks on VirtualBox recently, so there’s a good chance I’ll be able to find something too. It has real-world value and it’s open source, which makes it possible to show how structure-aware fuzzing works. If that goes well (or doesn’t), I’ll continue down the list.

I look forward to showing all of you how this goes!