The tool focuses on enhancing fuzzing: it lets a Windows DLL file be scanned for vulnerabilities directly. Fuzz testing works by injecting invalid or unexpected data into an application, which lets users automate the search for inputs that make the code misbehave. Ormandy says fuzzing works better on Linux, because the open source platform has tools that make the process more efficient than on Windows. “Distributed, scalable fuzzing on Windows can be challenging and inefficient. This is especially true for endpoint security products, which use complex interconnected components that span across kernel and user space. This often requires spinning up an entire virtualized Windows environment to fuzz them or collect coverage data,” Ormandy explains. His new tool is a library that gives native Linux programs the ability to load functions from a Windows DLL. Ormandy put together a demo that shows fuzzing working through a Windows Defender port to Linux. “The intention is to allow scalable and efficient fuzzing of self-contained Windows libraries on Linux. Good candidates might be video codecs, decompression libraries, virus scanners, image decoders, and so on,” Ormandy explains on the project's public GitHub page.
Work with Project Zero
As mentioned, Tavis Ormandy is probably best known for his role with Project Zero. The cybersecurity division searches for zero-day vulnerabilities and reports the flaws to software vendors. Companies are given 90 days to fix any vulnerabilities before Project Zero discloses them publicly. Ormandy was one of the researchers who found recent Microsoft Windows and Edge vulnerabilities. While Microsoft patched some of these, others were made public and patched later.