Deep Dive into Fuzzing
Finding vulnerabilities in software requires in-depth knowledge of different technological stacks. Modern day software’s have a huge codebase and may contain vulnerabilities. Manually verifying such vulnerabilities is a tedious task and may not be possible in all cases. This training is designed in such a way that it introduces the concept of fuzzing and vulnerability discovery in software covering multiple platforms such as Linux & Windows and triage analysis for those vulnerabilities.
During this training, attendees would be emulating techniques which would provide a comprehensive understanding of “Crash, Detect & Triage” of fuzzed binaries or software. In “Deep dive into fuzzing” we will be covering a detailed overview of fuzzing and how it can be beneficial to professionals in uncovering security vulnerabilities with a hands-on approach through focus on labs.
Day 1
- Understanding fuzzing fundamentals
- AFL Internals
- Setting up the environment
- Selecting fuzzing targets
- Spinning up the fuzzer effectively
- Corpus generation
- Address/Memory Sanitizers
- Hooking custom mutators
- “Not so pro tips” while fuzzing
- Parallel fuzzing
- Improving code coverage with grammar
- Plotting difference in codecoverage
- Enhancing your fuzzing approach
- Symbolic execution fuzzing
Day 2 & 3
- Setting up persistent mode
- Introduction to QEMU
- AFL internals for QEMU
- Targeting Blackbox binaries Introduction to ARM
- Cross-platform architecture fuzzing
- Setting up QEMU persistent
- Introduction to network fuzzing
- WinAFL Internals
- Analyzing your target with debuggers
- Improving code coverage
- Fuzzing browser engines and SSL libraries
- Overview of different fuzzing frameworks
- Integrating slack with fuzzing stats
- Capture the crash
Key Takeaways
- Effective ways of fuzzing
- Understanding the different class of vulnerabilities
- Key fundamentals of fuzzing and how it works
- Creating your own grammar for fuzzing
- Implementing persistence for complex programs
- Utilizing QEMU for binary only fuzzing
- Introduction to ARM and fuzzing ARM binaries
- Getting with fuzzing windows binaries
- Tons of exercises focusing on real world software’s
- CTC – Capture the crash on a custom application
Students will be provided
- Walkthrough of lab exercises.
- A dedicated server with custom OS (Windows & Linux) for one month which can be utilized for fuzzing.
- A private dedicated channel where trainers will be available to answer your queries after the training.
- Local lab setup (OVA of Ubuntu and Windows) loaded with all the course exercises and material including solutions.