Interestingly, the author of Capstone and Unicorn seems to be working on its own AFL-guided fuzzer: https://twitter.com/capstone_engine/status/925327798566129664 .
Nice. Fuzzing against arbitrary binary code is nothing new. But instrumented, guided fuzzing with AFL for binary code is a pretty big deal.
This blog post is the first time I’ve heard of unicorn, though. What’s the performance overhead of running a binary in unicorn?
I did a few (now outdated) benchmarks of some emulation engines a few years ago, and unicorn was already quite fast: https://github.com/isra17/emu_test . I should do it again and include native speeds. Unicorn is using QEMU behind the scenes, so I would guess AFL performance would be similar.