In the previous post, we stopped at the point where AFL++ had produced instrumented binaries with PCGUARD and LTO. In this installment, we pick up the story at runtime: tracing the execution of those binaries, observing how coverage signals are collected, and following how afl-fuzz consumes that feedback to discover new paths. This is where […]
In the previous post, we laid out the theoretical map of AFL++’s instrumentation modes, from the classic edge coverage to modern LLVM-based techniques. With that foundation in place, it’s time to move from theory to practice. This article focuses on the compilation process with afl-cc: how LTO and PCGUARD instrumentation are inserted into the binary, […]
AFL++ has earned its reputation as a top-tier fuzzer thanks to its clever use of code coverage to guide the search for bugs. This series takes a deep dive into that process. In this first post, we’ll explore the instrumentation modes AFL++ uses to generate coverage—from the classic AFL edge hash to modern LLVM-based approaches. […]
In the previous posts, we successfully set up our development environment, wrote a minimal kernel to handle booting, and initialized the UART to get a “Hello, world!” message printing to a serial console. This was a critical milestone, proving that our code can boot and run correctly within the QEMU emulator on the virt AArch64 […]
In my last post, I laid the groundwork for interrupt handling in my AArch64 OS in Rust. Now, it’s time to put that foundation to good use and switch our UART from a polling-based approach to an interrupt-driven one. In this post, I’ll go over how I made that change and what it means for […]
In the last post, we built the foundation for exception handling on AArch64 by focusing on synchronous exceptions like svc calls. This was an essential first step, but synchronous exceptions are only part of the picture. To fully embrace event-driven design — and move beyond polling — we now need to handle asynchronous exceptions, namely […]
In the previous post, we got our UART up and running using simple polling to send and receive data. While polling is straightforward, it’s also inefficient — the CPU must constantly check for new input, wasting cycles that could be used more effectively elsewhere. Now it’s time to take the next step: setting up a […]
In the last post, we successfully bootstrapped the very first steps of our AArch64 operating system. We wrote a minimal boot.s assembly file to set up the stack and called into Rust code, where we printed a simple “Hello, World!” message to the screen using the semihosting feature of QEMU.This gave us a first taste […]
Introduction I’ve been passionate about low-level systems and cybersecurity for years. Recently, I’ve felt the urge to go deeper — to build something from scratch. Inspired by the QEMU AArch64 Bare Bones guide, I decided to take on a new challenge: writing an operating system targeting the AArch64 architecture. But there’s a twist — instead […]
Hello again. Today I’m so happy to announce that I have finished a master’s degreee in cybersecurity at the Universitat Politècnica de València (UPV) with top honors!!! My final master’s project consists in a deep insight into the Trusted Execution Environment (TEE) technology. In the paper that you can find here, I explore the technology […]