
Deep Dive Into Fuzzing

Attendees will practise techniques that give a comprehensive understanding of how to "Crash, Detect & Triage" fuzzed binaries or software. "Deep Dive Into Fuzzing" covers a detailed overview of fuzzing and how it helps professionals uncover security vulnerabilities, with a hands-on approach focused on labs.

Finding vulnerabilities in software requires in-depth knowledge of different technology stacks. Modern software has a huge codebase and may contain vulnerabilities; manually verifying such vulnerabilities is a tedious task and may not be possible in all cases. This training introduces the concepts of fuzzing and vulnerability discovery in software across multiple platforms, such as Linux and Windows, along with triage analysis for those vulnerabilities.

Key Takeaways
  • Effective way of fuzzing

  • Understanding different classes of vulnerabilities

  • Key fundamentals of fuzzing and how it works

  • Creating your own grammar for fuzzing

  • Implementing persistence for complex programs

  • Getting started with fuzzing Windows binaries

  • Tons of exercises focusing on real-world software

  • CTC – Capture the crash on a custom application

Course Content
Day 1
  • Understanding fuzzing fundamentals

  • AFL Internals

  • Setting up the environment

  • Selecting fuzzing targets

  • Spinning up the fuzzer effectively

  • Corpus generation

  • Hooking custom mutators

  • “Not so pro tips” while fuzzing

  • Improving code coverage with grammar

  • Plotting difference in code coverage

  • Enhancing your fuzzing approach
Day 2
  • Setting up persistent mode

  • AFL internals for QEMU

  • Targeting blackbox binaries

  • Introduction to cross platform architecture fuzzing

  • Fuzzing ARM

  • Setting up QEMU persistent mode

  • Introduction to network fuzzing

  • WinAFL Internals

  • Analyzing your target with debuggers

  • Improving code coverage

  • Fuzzing real world targets

  • Capture the crash

Session FAQ

The training is aimed at individuals/professionals who wish to learn the fundamentals of the fuzzing process.

  • Linux & Windows fundamentals
  • Understanding of C/C++ and common datatypes

Attendees are required to have a system with root/admin privileges, a minimum of 8 GB RAM and 100 GB of disk space, and VirtualBox or VMware installed.

  • Training Manual.
  • A dedicated server with custom OS (Windows & Linux) for one month.
  • Lab setup (OVA of Ubuntu 18.04 LTS and Windows 10) loaded with all the course exercise material including solutions to all of the exercises.
  • A private dedicated channel where trainers will be available to answer your queries after the training.