Overview
Explore advanced snapshot fuzzing techniques for security research in this 41-minute conference talk, which demonstrates how deterministic emulation can be used to discover critical vulnerabilities in complex targets such as the Remote Desktop Protocol (RDP). Learn how security research tooling has evolved as traditional attack surfaces have become more secure, so that effective vulnerability discovery now calls for specialized approaches built on hypervisors and emulators. Discover why emulators provide a better analysis platform than traditional methods for root-causing bugs and for building scalable, coverage-driven fuzzing systems. Examine the foundational 2022 work by Colas Le Guernic and Jérémy Rubert, who used snapshot fuzzing with bochscpu and KVM-based systems to target the graphical components of the Microsoft RDP Client, leading to the discovery of CVE-2022-30221 in the D3D11 software rasterizer. Understand the advantages of a purpose-built emulator for snapshot fuzzing through practical demonstrations with the SNAFUzz system and three recent CVE discoveries. Begin with the fundamental snapshot fuzzing concepts through an analysis of CVE-2025-[Undisclosed_0], a straightforward kernel vulnerability that illustrates the core principles. Progress to more complex RDP targeting scenarios, where allocation tracking and out-of-bounds detection inside the emulated environment enable the discovery of heap memory leak vulnerabilities such as CVE-2025-32715. Conclude with an examination of a remote code execution vulnerability found in a pre-release version of the RDP Client, showing how a fully deterministic emulator makes it possible to understand a complicated vulnerability through repeated reproduction and debugging cycles. Gain insight into modern vulnerability research methodologies that combine emulation technology with systematic fuzzing to uncover security flaws in critical system components.
Syllabus
#NullconBerlin2025 | RDP and The Power of Deterministic Snapshot Fuzzing by Pascal Beyer
Taught by
nullcon