hAFL1: Our Journey of Fuzzing Hyper-V and Discovering a 0-Day

Schedule Not Yet Finalized November 3, 2021

Peleg Hadar
Ophir Harpaz

In this session, we present hAFL1 and provide the implementation details required to write a Hyper-V fuzzer. We uncover a critical 0-day in Hyper-V's vmswitch, an arbitrary read vulnerability that was found using our fuzzer. Finally, we show a live demo of exploiting this vulnerability, which until only a few weeks ago could take down large portions of the Azure cloud infrastructure.