Antonio Nappa - Saturday, 24 February - 90 mins



The workshop will showcase the QEMU course, where we move among different target architectures and fuzzing harnesses. We will demonstrate well-known tools such as American Fuzzy Lop (AFL) and its improved successor, AFL++. You'll learn how to combine these tools to build your own emulation and fuzzing environment, and then use it to discover vulnerabilities in systems such as iOS, Android, and Shannon, the baseband software in Samsung's mobile phones.
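As an added illustration of the "harness" side of that environment (this is example code written for this page, not code from the workshop or from the book it is based on): a minimal file-driven harness around a constructed length-prefixed record parser. The record format, the function names and the sample inputs are assumptions made here. The point is that such a harness needs no compile-time instrumentation, so the same source can be cross-compiled for another architecture and fuzzed under AFL++'s QEMU mode, where `afl-fuzz -Q` collects coverage from the translated basic blocks and `@@` stands for the path of each generated test case.

```c
/* Added example harness for AFL++ QEMU-mode fuzzing. Not code from the
 * workshop or book; the record format and names below are assumptions.
 *
 * Typical use once cross-compiled (for example with an arm-linux-gnueabihf
 * toolchain) and run from an AFL++ checkout with qemu_mode built:
 *
 *   afl-fuzz -Q -i seeds/ -o findings/ -- ./harness @@
 *
 * QEMU_LD_PREFIX should point at the target sysroot when the binary is
 * dynamically linked against a foreign-architecture libc.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Cap the input so a huge test case cannot exhaust memory (assumed limit). */
#define MAX_INPUT (1u << 20)

/* Record layout (constructed for this example):
 *   byte 0   : tag
 *   byte 1   : payload length L (0..255)
 *   bytes 2..: L bytes of payload
 * Returns the number of complete records, or -1 if the input ends inside
 * a record. Every read is bounds-checked against the buffer length, so a
 * truncated record is rejected instead of being read past the end.
 */
int parse_records(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;
    uint8_t scratch[256]; /* 255 is the largest possible payload, so this always fits */

    while (off < len) {
        if (len - off < 2)
            return -1; /* header truncated */
        uint8_t tag = buf[off];
        uint8_t plen = buf[off + 1];
        off += 2;
        if (plen > len - off)
            return -1; /* payload runs past the end of the input */
        memcpy(scratch, buf + off, plen); /* bounded by the check above */
        scratch[0] ^= tag;                /* touch the copy so it is not optimised away */
        off += plen;
        count++;
    }
    return count;
}

/* Read the whole file into memory; returns NULL on error. */
static uint8_t *read_file(const char *path, size_t *out_len)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return NULL;
    uint8_t *buf = malloc(MAX_INPUT);
    if (!buf) {
        fclose(f);
        return NULL;
    }
    *out_len = fread(buf, 1, MAX_INPUT, f);
    fclose(f);
    return buf;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    size_t n = 0;
    uint8_t *data = read_file(argv[1], &n);
    if (!data)
        return 2;
    int rc = parse_records(data, n);
    free(data);
    /* AFL only treats crashes and timeouts as findings, so a clean exit on
       malformed-but-handled input keeps the queue free of false positives. */
    printf("records: %d\n", rc);
    return 0;
}
```

The parser is the part you would swap for the real target function; the file-reading `main` is what lets AFL++ drive it through `@@` without any source-level instrumentation, which is exactly the situation QEMU mode is for.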


Workshop Highlights:

  • Setting the Stage: Get acquainted with the prerequisites and tools vital to grasp the nuances of this workshop, ensuring you can make the most of the content ahead.
  • Journey Through Time: Embark on a historical exploration of emulation, understanding its evolution, nuances, and its paramount role in the ever-evolving landscape of cybersecurity.
  • QEMU - The Emulator Spotlight: Get an in-depth understanding of QEMU - our system emulator of choice, learning about its internals, capabilities, and previous success stories.
  • Fuzzing with QEMU: Dive into the intricacies of QEMU's execution modes (user-mode and full-system emulation) and the dynamic world of fuzzing. Understand static versus dynamic fuzzing and their practical applications.

Case Studies Galore:

  • Relive the discovery of a 2011 VLC vulnerability by combining QEMU and AFL.
  • Understand the real-world implications with a look at the vulnerability found in the baseband of modern Samsung phones.
  • Venture into full-system fuzzing with case studies on OpenWrt, covering the nuances of targeting different architectures such as ARM.
  • Witness the marvel of iOS full-system fuzzing, understanding the unique challenges and solutions involved.
  • Explore the world of Android libraries and their vulnerabilities, leveraging the open-source project Sloth.

Concluding Thoughts:

Summarize the wealth of knowledge, emphasizing the significance of the research and future directions in this critical domain of cybersecurity.

This workshop promises a holistic understanding, from basics to advanced techniques, ensuring participants can apply these insights to real-world challenges. Whether you're a novice in cybersecurity or a seasoned practitioner, this session has something valuable for everyone. Join us in this engaging journey, drawing from the extensive research and practical examples from Fuzzing Against the Machine.


Antonio Nappa, Ph.D., is the application analysis team leader at Zimperium Inc. Before joining Zimperium he worked at Brave Software and Corelight. Antonio has been active in the cybersecurity industry for 17 years. He has been a visiting scholar at UC Berkeley, EURECOM, and VSB-TUO. He has published more than 15 papers in international peer-reviewed venues.

He is also an inventor and a well-recognized adjunct professor at UC3M Madrid. He is co-author of Fuzzing Against the Machine: Automate Vulnerability Research with Emulated IoT Devices on QEMU (Packt Publishing, 2023). Since the DEF CON 2008 finals with the guard@mylan0 team, he never goes to sleep with a segfault.