msFuzz is a coverage-guided fuzzer for Windows kernel drivers that utilizes Intel PT and leverages constraint and dependency analysis to guide fuzzing.
- msFuzz uses Intel PT to achieve code coverage.
- The msFuzz follows an AFL-like design and can detect semi-stateful bugs.
- msFuzz is a well-designed fuzzer based on Nyx-Fuzzer/kAFL and Redqueen.
- Designed to find bugs for windows Driver that interact with user using DeviceIoControl.
-
Intel Skylake or later: The setup requires a Gen-6 or newer Intel CPU (for Intel PT) and adequate system memory (~2GB RAM per CPU)
-
Patched Host Kernel: A modified Linux host kernel will be installed as part of the setup. Running kAFL inside a VM may work starting IceLake or later CPU.
-
Ubuntu: The installation and tutorials are tested for recent Ubuntu 20.04.6 LTS.
- 100+ Security Bugs in 100 days
- 20+ EoP (Elevation of Privilege)