Bluetooth - Packet Structure & Common Dispatcher
Bluetooth - Target functions
Sanitizer Support
Fuzzer Overview
Fuzzing Strategy
Best Practice
Kernel Space Fuzzing
Introduction
How to achieve passive fuzz
How to transfer the filter list
Fuzzing strategies
What do we need to prepare
Build kernel issues
KGSL in detail
Solution Overview
Panic call stack
How to make it automatic
Fuzz status statistics
Install and run different kinds of 3D games
Add a for loop
Add a trigger program
Case 1
Description:
Explore an innovative bug hunting method called Hourglass Fuzz in this 58-minute conference talk from the Hack In The Box Security Conference. Learn how this system, designed for Android but applicable to other platforms, addresses limitations of traditional fuzzing techniques like AFL and syzkaller. Discover how Hourglass Fuzz overcomes data dependencies and code execution sequence challenges to reach deeper code locations, while consuming less computational power and time. Gain insights into the successful application of this method in uncovering 0day bugs in graphic drivers and Bluetooth systems on Android 9 for Pixel 3. Delve into the Hourglass Fuzzing philosophy, user space and kernel space fuzzing techniques, attack interface selection, and best practices. Understand the intricacies of Bluetooth architecture, packet structure, and target functions. Explore sanitizer support, fuzzing strategies, and practical implementation details, including build kernel issues, KGSL specifics, and automation techniques. Enhance your security research toolkit with this powerful approach to vulnerability discovery in complex systems.