I’m a beginner/intermediate at reverse engineering and I’m trying to make the leap to expert. I want to do a project on virtual machines, specifically escaping them, and was wondering if fuzzing could be applied to them, such as fuzzing the networking and I/O devices inside the VM and then evaluating the results. Would this be a valid way of finding vulnerabilities in VMs?
Also how would I go about debugging a VM and hypervisor?
I’m hopefully looking for references and good pointers.
Excellent, just what I was looking for, thanks. Another question would be how to debug things like vbox and qemu: would this be done in the virtual machine or on the host, or are there tools provided? That is the only part I’m not sure about.
You need to read the following paper:
Tavis Ormandy, An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments, 2007.
That paper describes how Tavis Ormandy fuzz-tested a variety of virtual machines and reports on his results. He found a number of serious security vulnerabilities. Basically, he did everything it sounds like you want to do — so you should start by reading to see what he did and what you can learn from it.