Advanced Persistent Threat (APT) actors have a lot of resources and motivation for reaching their targets. In many cases they pick specific targets very carefully. Unlike regular threat actors, APTs are covert and difficult to track. They are not likely to try 1-day vulnerabilities to find just any target; their targets are likely to have the latest security updates. Most APTs carry out cyber attacks with only unknown vulnerabilities (0-days). They need to find their own new 0-days in order to breach their target environment. To succeed in the long run, they probably need to find many 0-days, so they can minimize the number of times each one is used in the wild and the risk of exposing it. The top APTs will aim for kernel vulnerabilities where they can alter what users see in user-space, be persistent, and generally have much more control over the system.
They may also aim for hypervisor vulnerabilities to attack cloud services based on virtualization. While the search for new vulnerabilities may be done manually, APTs may prefer to use automation for better results and longer term usage. One type of automation APTs are likely to use is fuzzing! In this talk, I will present the main components of fuzzing, different fuzzing strategies, and provide a quick look at kernel / hypervisor fuzzing - the most delicate fuzzing arena of them all.