2024-06-13 –, Dasharo vPub
Intel has open-sourced a new tool, HBFA-FL, that performs fuzzing of UEFI code from user-space. It is well-suited for identify code security issues and can incorporate a variety of sanitizers to uncover latent issues in code. This talk will provide a short overview of the tool along with Q&A.
HBFA-FL is a new fuzzing tool from Intel that performs fuzzing of UEFI EDK2 source code from user-space. It abstracts out hardware accesses and allows off-the-shelf fuzzers to explore EDK2 code looking for potential security issues.
Link to the tool: https://github.com/intel/HBFA-FL
See also:
Dr. Tipton is a senior security researcher at Intel where he focuses on system software fuzzing (UEFI), red teaming, and cloud security. Before Intel he specialized in vulnerability research and reverse engineering. He is passionate about finding bugs and helping improve security for the community.