Coverage-guided USB fuzzing with Syzkaller | OffensiveCon 2019

A talk about creating a syzkaller extension for finding Linux kernel vulnerabilities that can be exploited externally by a malicious USB device. I show how I used the USB Gadget subsystem for emulating USB devices and extended KCOV to collect coverage from USB packet parsing paths.

Slides: https://docs.google.com/presentation/...
Twitter: andreyknvl
Website: https://xairy.io/

00:00 Intro
01:48 Agenda
02:18 Syzkaller overview
16:04 USB overview
24:16 USB fuzzing with Syzkaller
38:14 Demo: USB fuzzing in progress
40:00 Demo: running reproducers in a VM
41:19 Linux kernel USB fuzzing results
43:43 Hardware reproducers
45:21 Demo: crashing Linux over USB
49:16 Bonus
50:27 Demo: crashing Windows over USB
52:50 Thanks and questions
