Snapshot fuzzing direct composition with WTF

• Cisco Talos has developed a custom fuzzer using the popular snapshot fuzzer “WTF” which targets Direct Composition in Windows. 


• Talos’ vulnerability research team used Protocol Buffers developed by Google to serialize and deserialize test cases. 


• The Bochscpu backend of WTF was patched and other tricks were used to make snapshot fuzzing work correctly 


• We hope that the release of our snapshot fuzzing implementation details will give new snapshot fuzzing ideas to the readers making direct composition more secure.

Direct Composition …

backend cases cisco cisco talos fuzzer fuzzing google popular protocol research snapshot talos team test vulnerability vulnerability research vulnerability research team windows work