Workshop: Fuzz Testing Bare Metal and RTOS Firmware

TOBIAS SCHARNOWSKI

Abstract

Fuzz testing is a powerful technique for uncovering vulnerabilities, but applying it to deeply embedded, bare-metal, or real-time operating system (RTOS) firmware presents unique challenges compared to traditional Linux-based systems. This hands-on, 90-minute workshop will guide participants through the process of analyzing and fuzz testing deeply embedded firmware using a modern technique called firmware rehosting.

Workshop Outline

Attendees will gain practical experience in:

  1. Understanding the Landscape: We will explore the differences between deeply embedded firmware and Linux-based firmware.
  2. Firmware Analysis with Ghidra: Participants will learn how to load and start analyzing deeply embedded firmware in Ghidra.
  3. Fuzz Testing with Fuzzware: We will introduce Fuzzware, a rehosting-based fuzzing framework for deeply embedded systems, and demonstrate how to set up and execute fuzz tests to uncover security issues.

This workshop is ideal for security researchers, embedded developers, and anyone interested in securing low-level firmware. No prior experience is required. Attendees will leave with the knowledge and practical skills needed to start integrating fuzz testing into their embedded security workflows.

Tobias and Marius' BOOTSTRAP25 Training

All trainings come with complimentary access to our BOOTSTRAP25 event! Book a virtual or in-person training and get a taste of the others at BOOTSTRAP25!

Fuzzing and Attacking Custom Embedded Systems
This training covers analyzing, fuzz testing, and exploiting devices running a custom embedded OS. It dives into Arm firmware, teaches reverse engineering with Ghidra, and offers hands-on exercises to build proficiency with tools like Unicorn, AFL++, and Fuzzware.

In-Person Training | March 18-21

Tobias Scharnowski

Tobias Scharnowski is an embedded systems security researcher at CISPA. He focuses on automated firmware security analysis techniques. Besides academia, he is a CTF RE/pwning veteran and repeat Pwn2Own participant. At Pwn2Own, he demonstrated RCE on 13 targets in the automotive and industrial automation domains. This included an exploit of the core DNP3 implementation, the protocol that powers the US electric grid.
