drakvuf
VMI-sandsifter
The sandsifter project implements a ring3 x86 instruction fuzzer that detects hidden (undocumented) instructions. However, sandsifter blacklists instructions that could corrupt the fuzzing process or crash the OS (e.g. system calls). Using VMI, the scope of sandsifter could be expanded: instead of avoiding such instructions, the target VM would be monitored for OS and process crashes from outside. Furthermore, with VMI the fuzzer could also be extended to execute instructions in ring0.
By utilizing memory sharing, multiple VMs could be deployed to speed up the fuzzing process and to provide fresh VMs after a process or OS crash has been observed.
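As an added example (this is not sandsifter's or DRAKVUF's code), the ring3 probing primitive the project would move inside a guest: a candidate byte string is placed so that its last byte sits immediately before an unmapped guard page, executed, and the resulting fault is classified by where RIP and the faulting address ended up. The names `probe`, `find_length`, `probe_supported` and the sample byte strings are my own; the code assumes Linux on x86-64 and that an anonymous mapping may be made executable. On any other platform `probe_supported()` returns 0 and nothing is executed.

```c
/* Added example: page-boundary instruction length probing (Linux x86-64). */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

#ifndef REG_RIP
#define REG_RIP 16   /* glibc's index of RIP in gregs[] if _GNU_SOURCE was set too late */
#endif

enum probe_result {
    PROBE_EXECUTED = 0,  /* ran to completion; the next fetch then hit the guard page */
    PROBE_NEEDS_MORE,    /* decoder wanted bytes from the guard page: retry with n+1 */
    PROBE_ILLEGAL,       /* #UD: no valid encoding at this length */
    PROBE_FAULTED,       /* #GP / data fault / trap: the crash class VMI would observe */
    PROBE_UNSUPPORTED    /* not x86-64, or the mapping was refused */
};

static sigjmp_buf resume;
static uint8_t *exec_page, *guard_page;
static volatile int fault_sig;
static volatile uintptr_t fault_rip, fault_addr;

static void on_fault(int sig, siginfo_t *si, void *ctx)
{
    fault_sig = sig;
    fault_addr = (uintptr_t)si->si_addr;
#if defined(__x86_64__)
    fault_rip = (uintptr_t)((ucontext_t *)ctx)->uc_mcontext.gregs[REG_RIP];
#else
    (void)ctx;
#endif
    siglongjmp(resume, 1);   /* sigsetjmp(..., 1) restores the signal mask as well */
}

/* Maps two pages: candidates end on the first, the second stays PROT_NONE. */
static int probe_supported(void)
{
#if !defined(__x86_64__)
    return 0;
#else
    static const int sigs[] = { SIGSEGV, SIGILL, SIGBUS, SIGFPE, SIGTRAP };
    if (exec_page)
        return 1;
    long ps = sysconf(_SC_PAGESIZE);
    uint8_t *m = mmap(NULL, 2 * ps, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return 0;
    if (mprotect(m + ps, ps, PROT_NONE) != 0) { munmap(m, 2 * ps); return 0; }
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    for (size_t i = 0; i < sizeof sigs / sizeof sigs[0]; i++)
        if (sigaction(sigs[i], &sa, NULL) != 0)
            return 0;
    exec_page = m;
    guard_page = m + ps;
    return 1;
#endif
}

/* Executes the first n candidate bytes with byte n-1 right before the guard page. */
static enum probe_result probe(const uint8_t *bytes, size_t n)
{
    if (!probe_supported() || n == 0 || (long)n > guard_page - exec_page)
        return PROBE_UNSUPPORTED;
    size_t ps = (size_t)(guard_page - exec_page);
    uint8_t *start = guard_page - n;
    if (mprotect(exec_page, ps, PROT_READ | PROT_WRITE) != 0)
        return PROBE_UNSUPPORTED;
    memcpy(start, bytes, n);
    if (mprotect(exec_page, ps, PROT_READ | PROT_EXEC) != 0)   /* W^X: write, then execute */
        return PROBE_UNSUPPORTED;
    fault_sig = 0; fault_rip = 0; fault_addr = 0;
    if (sigsetjmp(resume, 1) == 0) {
        ((void (*)(void))(uintptr_t)start)();
        return PROBE_EXECUTED;   /* only reached if the candidate itself returned (e.g. ret) */
    }
    if (fault_sig == SIGSEGV && fault_addr == (uintptr_t)guard_page) {
        if (fault_rip == (uintptr_t)guard_page) return PROBE_EXECUTED;   /* finished, next fetch faulted */
        if (fault_rip == (uintptr_t)start)      return PROBE_NEEDS_MORE; /* its own fetch crossed the guard */
    }
    if (fault_sig == SIGILL)
        return PROBE_ILLEGAL;
    return PROBE_FAULTED;
}

/* Grows the candidate one byte at a time; returns its length or a negative probe_result. */
static int find_length(const uint8_t *bytes, size_t len)
{
    for (size_t n = 1; n <= len; n++) {
        enum probe_result r = probe(bytes, n);
        if (r == PROBE_EXECUTED) return (int)n;
        if (r != PROBE_NEEDS_MORE) return -(int)r;
    }
    return -(int)PROBE_NEEDS_MORE;   /* longer than the buffer supplied */
}

/* Constructed sample candidates: documented NOP encodings, ud2, and hlt. */
static const uint8_t NOP1[] = { 0x90 };
static const uint8_t NOP2[] = { 0x66, 0x90 };
static const uint8_t NOP5[] = { 0x0f, 0x1f, 0x44, 0x00, 0x00 };
static const uint8_t UD2[]  = { 0x0f, 0x0b };
static const uint8_t HLT[]  = { 0xf4 };

int main(void)
{
    if (!probe_supported()) { puts("needs Linux x86-64 with executable mappings"); return 0; }
    printf("nop: %d  66 nop: %d  5-byte nop: %d  ud2: %d  hlt: %d\n",
           find_length(NOP1, sizeof NOP1), find_length(NOP2, sizeof NOP2),
           find_length(NOP5, sizeof NOP5), find_length(UD2, sizeof UD2),
           find_length(HLT, sizeof HLT));
    return 0;
}
```

`hlt` shows the limit the paragraph is about: in ring3 it is a #GP that the signal handler catches, but a candidate that corrupts the process or the kernel cannot be caught this way, which is why sandsifter blacklists such instructions. In the VMI variant the same three-way distinction (executed, needs more bytes, faulted) would be made from the hypervisor's view of the guest's exception instead of from a signal handler, and a crashed guest is simply replaced.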