The 2019 Pwnie Winner For Most Innovative Research

Vectorized Emulation

Credit: Brandon Falk

If you want to find vulnerabilities or otherwise analyze code at the lowest levels, you need good tools. 

When we were young, and walked uphill both ways to school, we had debuggers and some basic memory shadowing tools like Valgrind. These tools slowed execution down by a factor of 10 or even 1000, and could only perform limited analysis.

Vectorized emulation uses modern hardware tricks to run VMs not merely as fast as native code but, in aggregate, faster. It does this by rewriting the target program into AVX-512 vector instructions, so that 16 independent VMs execute the same instruction stream in lockstep, one per vector lane, each at near-native speed. Because every VM is just a lane of the same vector, comparing what the lanes did is almost free, which gives super fast differential code coverage and hardware-accelerated taint tracking. Highlights include 4000 fuzz cases per second when fuzzing MS Word, as well as security bugs found in Windows Firewall and OpenBSD's dhclient. The author says most people shouldn't use this tool because it is too fast and finds too many bugs!

Not that that’s a problem we’ve ever had to worry about.
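To make the lockstep-lanes idea concrete, here is an added toy example in portable C. It is not Brandon Falk's code and not how his tool is built: there are no AVX-512 intrinsics, the 16-bit `lanemask_t` stands in for a k-register, and every masked per-lane loop is the scalar equivalent of one masked 16-wide vector instruction. Sixteen VMs run one constructed program in lockstep; when a branch diverges, the lanes that take it continue and the rest are parked on a worklist and resumed later (the real tool prefers the more popular side, this toy always follows the taken side). A per-lane coverage bitmap then answers the differential question "which inputs reached this block". The opcodes, register layout, program and inputs are all made up for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LANES 16
typedef uint16_t lanemask_t;          /* one bit per VM lane (stand-in for an AVX-512 k-register) */

enum op { OP_ADDI, OP_JLT, OP_HALT };

struct insn {
    enum op op;
    int reg;     /* register operand */
    int imm;     /* ADDI: addend; JLT: value compared against */
    int target;  /* JLT: branch target pc */
};

struct vm {
    int32_t  reg[2][LANES];   /* lane-major: reg[r][lane], so reg[r] is one 16-wide vector register */
    uint32_t cov[LANES];      /* bit pc set once lane executed instruction pc (program < 32 insns) */
};

struct workitem { int pc; lanemask_t mask; };

/* Run prog on all 16 lanes in lockstep.  On a divergent branch the taken lanes are
 * followed immediately and the fall-through lanes are parked to be resumed later. */
static int run(struct vm *vm, const struct insn *prog)
{
    struct workitem work[64];
    int top = 0;
    work[top++] = (struct workitem){ 0, 0xFFFF };

    while (top > 0) {
        struct workitem cur = work[--top];
        int pc = cur.pc;
        lanemask_t m = cur.mask;

        while (m != 0) {
            const struct insn *i = &prog[pc];
            for (int l = 0; l < LANES; l++)                   /* masked OR into coverage */
                if (m & (1u << l)) vm->cov[l] |= 1u << pc;

            switch (i->op) {
            case OP_ADDI:
                for (int l = 0; l < LANES; l++)               /* masked vector add */
                    if (m & (1u << l)) vm->reg[i->reg][l] += i->imm;
                pc++;
                break;
            case OP_JLT: {
                lanemask_t taken = 0;                         /* masked vector compare -> mask */
                for (int l = 0; l < LANES; l++)
                    if ((m & (1u << l)) && vm->reg[i->reg][l] < i->imm)
                        taken |= (lanemask_t)(1u << l);
                lanemask_t fall = m & ~taken;
                if (taken && fall) {                          /* divergence: park fall-through lanes */
                    if (top >= 64) return -1;
                    work[top++] = (struct workitem){ pc + 1, fall };
                }
                if (taken) { m = taken; pc = i->target; } else { pc++; }
                break;
            }
            case OP_HALT:
                m = 0;                                        /* these lanes are finished */
                break;
            }
        }
    }
    return 0;
}

/* Which lanes executed instruction pc: the basic differential-coverage query. */
static lanemask_t lanes_covering(const struct vm *vm, int pc)
{
    lanemask_t out = 0;
    for (int l = 0; l < LANES; l++)
        if (vm->cov[l] & (1u << pc)) out |= (lanemask_t)(1u << l);
    return out;
}

/* Instructions that lane `lane` reached but lane `baseline` did not. */
static uint32_t new_coverage(const struct vm *vm, int lane, int baseline)
{
    return vm->cov[lane] & ~vm->cov[baseline];
}

/* Constructed program: a do-while loop whose trip count depends on the input in r0,
 * then a block that only lanes with three or more iterations reach. */
static const struct insn example_prog[] = {
    { OP_ADDI, 0, 7,    0 },   /* 0: r0 += 7                 */
    { OP_ADDI, 1, 1,    0 },   /* 1: r1 += 1 (iteration count) */
    { OP_JLT,  0, 100,  0 },   /* 2: if r0 < 100 goto 0      */
    { OP_JLT,  1, 3,    5 },   /* 3: if r1 < 3 goto 5        */
    { OP_ADDI, 1, 1000, 0 },   /* 4: r1 += 1000 (rarely reached block) */
    { OP_HALT, 0, 0,    0 },   /* 5: halt                    */
};

/* Seed lane l with input 10*l (constructed inputs) and run all 16 in one pass. */
static struct vm run_example(void)
{
    struct vm vm;
    memset(&vm, 0, sizeof vm);
    for (int l = 0; l < LANES; l++) vm.reg[0][l] = 10 * l;
    run(&vm, example_prog);
    return vm;
}

int main(void)
{
    struct vm vm = run_example();
    printf("lanes that reached pc 4: 0x%04x\n", (unsigned)lanes_covering(&vm, 4));
    printf("coverage lane 0 has that lane 9 lacks: 0x%02x\n", (unsigned)new_coverage(&vm, 0, 9));
    return 0;
}
```

Lanes 0 through 8 loop at least three times and so reach the block at pc 4, lanes 9 through 15 skip it; `lanes_covering` and `new_coverage` expose that difference directly from the per-lane bitmaps, which is the kind of query the real tool answers with vector compares instead of scalar loops.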
