As application sandboxing matures into the industry standard as part of a defense-in-depth strategy, software vendors have become more adept at strengthening their sandboxes through iterations of design reviews, code reviews, fuzzing and patches. However, there is still a large attack surface that attackers can target to escape sandboxes: the Windows kernel.
This talk will present an architecture for fuzzing the Windows kernel and its components, from test-case generation to crash collection. We will also discuss how this may be designed for a distributed fuzzing architecture that scales up effectively.