Panic on the Streets of Amsterdam: PanicXNU 3.0

Modern fuzzing techniques, including coverage-guided fuzzing, grammar-based (syntax-description) fuzzing, and combined passive and active fuzzing, are well proven.

At Black Hat Europe 2018 I introduced PanicXNU v1, a smart active fuzzer for macOS syscalls based on Google's syzkaller. In this talk, I would like to introduce PanicXNU v3, the new version of my smart fuzzer, which adds support for smart IOKit fuzzing and passive fuzzing. Using PanicXNU, I have already found more than 60 unique kernel crashes and received several CVEs, including 2 for macOS at Pwn2Own.

This talk will cover:

  • Syscall fuzzing.
  • Active IOKit fuzzing.
  • Passive IOKit fuzzing.
  • Fuzzing visualization.

The project's mission is to smart-fuzz every corner of the Apple kernel.

Location: Track 2
Date: May 10, 2019
Time: 4:30 pm - 5:30 pm
Speakers: Juwei Lin, Junzhi Lu