Advanced Fuzzing & Security Trainings

Build high-end Security Skills with courses dedicated to Software Security Audit, Vulnerability Research, Reversing and Fuzz testing.

CHOOSE YOUR NEW SKILL TO MASTER

We offers a wide-range of advanced fuzzing/security trainings and consulting services around Rust, C/C++, Golang, WebAssembly, Browser and Blockchain security. We provide online courses and public trainings at multiple security conference.

Online Courses

After a lot of requests from our clients, we have decided to provide most of our private training in a video-on-demand (VoD) format available fully online. If you are interested and want early access to the courses once published, please contact us, and don’t forget to provide your mail in the newsletter form below.

Blockchain Security

We offer a wide range of fuzzing and blockchain security services on layer 1/2 blockchain built with Rust, Go, and WebAssembly. We help our clients to develop and secure their own software, including training to boost employee qualification, code audits, as well as vulnerability assessments, and custom fuzzing development.

Private Trainings

We offer the world’s first trainings about Web Browser fuzzing and WebAssembly security in 4 to 5 days format. We have also developed some exclusive training about Rust security and Golang security that required only 2 days. Customizations are possible for online and on-site training but need to be requested as soon as possible.

Exclusive online and private

Fuzzing & Security Trainings

Rust Security
Browser Fuzzing
WebAssembly Security
C/C++ FUZZING
GO SECURITY

Rust Security Audit and Fuzzing

This goal of this course is to give you all the prerequisites to understand which kind of vulnerability can be found inside Rust code. You will learn how to find low hanging fruits bugs manually and automatically using Rust auditing tools. Finally, you will discover how to build custom Rust fuzzers, triage/debug crashes and improve your code coverage using differents techniques.

Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.

COURSE OUTLINE

Day 1 - Rust Security Audit and Code Review

Introduction to Rust and its Ecosystem
Security concepts
- Ownership, Borrowing and Lifetime
Rust most common vulnerabilities
- Error handling & Unwrapping, Panicking macros, Arithmetic errors
- Index out of bound, Stack overflow, resource exhaustion (OOM)
Unsafe codes
- Tooling and Sanitizers (ASAN, MSAN, etc.)
- Out of bound access (OOB), Use-after-free (UAF), Double free, Memory leak, Data Races and Race Conditions
Rust advanced vulnerabilities
- Logic bugs, FFI, Cryptographic issues, Uninitialized & Zeroing memory
Attack surface discovery & Auditing tools

Day 2 - Finding Bugs automatically using Fuzzing

Fuzzing Introduction and Workflow
Coverage-guided Fuzzing in Rust
- cargo-fuzz, afl-rs, honggfuzz-rs
Improve your Fuzzing Process
- Code coverage, Corpus selection, Corpus minimization
- Crashes Triaging and Debugging
Structure-aware & Grammar-based Fuzzing
Other Advanced Testing techniques
- Symbolic Execution, Formal verification
- Differential Fuzzing
- Writing Custom Rust Fuzzers

Practical Web Browser Fuzzing

Web Browsers are one of the most used and critical software in the world. Using millions of lines of code, they are in charge of handling, sanitizing, and interpreting all kinds of (untrusted) data coming from the web. To be honest, It’s just impossible for developers to write such complex pieces of software (involving compilers, interpreters, and parsing libraries) without introducing any bugs.

As shown in the last years, Fuzz testing is by far the most efficient and scalable testing technique to find software bugs. In this training, we will apply fuzzing to find critical vulnerabilities in different web browser implementations.

First, this course will give you all the prerequisites to understand the architecture and major components of modern web browsers. Then, you will create and set up a testing environment allowing you to easily replay, debug, minimize and analyze existing issues, CVEs, and PoCs. Over dedicated modules, you will discover and fuzz the main browser components such as DOM, JS engines, JIT compilers, WebAssembly, IPC. You will learn how to use famous tools (Domato, Dharma, Fuzzilli, Frida) and create your custom fuzzers to apply different fuzzing techniques (coverage-guided, grammar-based, in-process fuzzing) to find vulnerabilities/bugs.

A lot of hands-on exercises will allow you to internalize concepts and techniques taught in class. This course will mainly focus on Google Chrome, Firefox, and WebKit/JSC.

COURSE OUTLINE

Module 1: Introduction to Browser Fuzzing

Introduction to Fuzzing
Modern Browser Architecture & major Components
Setting up a Testing and Debugging environment
Compile and Explore famous browser codebases
Fuzzing Web Browsers Fundamentals
Improving your Fuzzing Workflow & Automation

Module 2: Fuzzing DOM & Rendering engines

Introduction to the Rendering engine
HTML/CSS/XML Parsing
Analysis of existing CVEs, Issues, and PoCs
Blink, Gecko & WebKit Fuzzing
DOM rendering & Implementation
Fuzzing DOM using Grammar-based Fuzzing

Module 3: Fuzzing JavaScript Engines & JIT Compilers

JavaScript Engine Internals & APIs
Memory management and Garbage collection
Analysis of existing CVEs, Issues, and PoCs
V8, Spidermonkey & JavaScriptCore Fuzzing
JIT compilers Internals
TurboFan and IonMonkey Fuzzing

Module 4: Fuzzing WebAssembly Compilers & APIs

Introduction to WebAssembly
VM Architecture & Implementation
Analysis of existing CVEs, Issues, and PoCs
Fuzzing WebAssembly JavaScript APIs
WebAssembly compilers internals
WebAssembly In-process Fuzzing

Module 5: Fuzzing IPC and other Components

Inter-Process Communication (IPC) Internals
Analysis of existing CVEs, Issues, and PoCs
Fuzzing Chrome Mojo/Legacy IPC
Discovery of other Components Implementation
Networking/Data Persistence APIs
Fuzzing Media and other Plugins

WebAssembly Security Analysis and Fuzzing

This courses will give you all the prerequisites to understand what’s a WebAssembly module and its associated virtual machine. At the end of this intensive 4 days, you will be able to reverse statically and dynamically a WebAssembly module, analyze its behavior, create detection rule and search for vulnerabilities and security issues. You will learn which security measures are implemented by the WebAssembly VM to validate and handle exceptions. Finally, you will discover how to find vulnerabilities inside WebAssembly VMs (Web-browsers, Standalone VM) using differents fuzzing techniques.

Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.

COURSE OUTLINE

Day 1 - WebAssembly Reversing

Introduction to WebAssembly
WebAssembly VM architecture
WebAssembly toolchain
Writing examples in C/C++/Rust/C#
Debugging WebAssembly module
WASM binary format (header, sections)
WebAssembly Text Format (wat/wast)
WebAssembly Instructions set
Coding with WASM Text format
Reversing WebAssembly module
CFG & CallGraph reconstruction
DataFlowGraph analysis
Browser Addons reversing

Day 2 - Real-life Modules Analysis

Modules Instructions analytics/metrics
WASM cryptominers analysis
Pattern detection signatures (YARA)
Taint Tracking
Dynamic Binary Instrumentation
Bytecode (De)-Obfuscation techniques
Static Single Assignment & Decompilation
Real-life WASM module analysis
Hacking WebAssembly video game

Day 3 - Wasm Modules Vulnerabilities

Traps & Exception handling
WebAssembly module vulnerabilities
Integer/Buffer/Heap Overflows
Advanced vulnerabilities (UaF, TOCTOU…)
CFI Hijacking
Emscripten vulnerabilities
Exploitation NodeJS server running wasm module
Vulnerability detection (Static & Dynamic)
Lifting WASM bytecode
Fuzzing WebAssembly modules

Day 4 - Vulnerability Research inside Wasm VM

Web-Browsers vulnerabilities analysis (CVEs PoC)
WebAssembly VM & Interpreter vulnerabilities
WebAssembly JS APIs generation
Fuzzing Web-Browsers (Chrome, Firefox, WebKit)
WASM module validation mechanism
Writing edge case module
WAT, WAST & WASM
grammar generation
Blockchain VM targets
Fuzzing C/C++/Rust/Go WASM project
WebAssembly for Security Researcher
In-memory fuzzing everything using WebAssembly & Frida

C/C++ WHITEBOX FUZZING

This course will teach you everything you need to know to start fuzzing C/C++ source code using different fuzzing techniques. You will learn how to use famous coverage-guided fuzzing framework (afl, libfuzzer, honggfuzz) and create custom fuzz target harnesses. Then, you will learn how to evaluate and improve your fuzzing results, debug and analyze crashes. Finally, you will discover some other more advanced testing techniques to find in-depth bugs. During the all training, you will target real-life/popular C/C++ libraries.

Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.

COURSE OUTLINE

Introduction to Fuzzing
Coverage-guided Fuzzing
- afl / honggfuzz
Improve your Fuzzing workflow
- Corpus/inputs selection
- Code coverage / Corpus minimization
Crashes Analysis
- Crashes minimization / Bucketing / Debugging / Root cause analysis
In-Memory fuzzing
- libfuzzer / afl / honggfuzz
Generation-based fuzzing
- Structure-aware
- Grammar-based Fuzzing with dictionaries
Other Advanced Testing techniques
- Symbolic Execution / Concolic Execution
- Differential Fuzzing

Go Security Audit and Fuzzing

This course teaches you all the prerequisites to understand which kind of vulnerability can be found inside Go code. You will learn how to find low-hanging fruits bugs manually and automatically using different Go auditing tools. You will discover how to use existing Go fuzzing coverage-guided frameworks, triage/debug crashes, and improve your code coverage. Finally, you will discover how to build custom Go fuzzers and implement advanced fuzzing techniques to find in-depth bugs on popular Go packages.

Along this training, students will deal with a lot of hands-on exercises allowing them to internalize concepts and techniques taught in class.

COURSE OUTLINE

Day 1 - Go Security Audit and Code Review

Introduction to Golang and its Ecosystem
Golang Security concepts
- Concurrency, Garbage collector, etc.
Golang vulnerabilities
- Error handling, panics, nil pointer dereference
- Index out of bound, Stack overflow, resource exhaustion (OOM)
- Advanced vulnerabilities
Attack surface discovery & Auditing tools

Day 2 - Finding Bugs automatically using Fuzzing

Introduction to Golang Fuzzing
Coverage-guided Fuzzing (go-fuzz / libfuzzer)
Go Fuzz testing workflow and Corpus selection
Code coverage, Corpus minimization
Crashes Triaging and Debugging
Other Advanced Fuzz Testing techniques
Differential Go Fuzzing
Writing Custom Go Fuzzers

We taught Startup & Fortune 500 companies

Latest Blogposts

ethereum evm slither mythril echidna fuzzing audit solidity security vulnerability ETH

Solidity/Ethereum Smart Contract Audit using Slither – Blockchain Security #4

wasm webassembly browser emscripten solana wasm-pack wasm-bindgen near ewasm wasmer wasmtime

Top 7 books to learn WebAssembly in 2022

fuzzing firefox browser in-process fuzz testing frida hook browser books security

Top 4 books to learn Web Browser Security in 2022

fuzzing fuzz testing rust rustlang library patrick ventuzelo libfuzzer cargofuzz fuzzinglabs honggfuzz libafl cargo-libafl

Rust Fuzzing using cargo-libafl (LibAFL-based fuzzer)

evm reversing ethereum smart contract reverse engineering disassembly bytecode opcodes

Ethereum/EVM Smart Contract Reverse Engineering & Disassembly

beaconfuzz eth eth2.0 ethereum 2 beaconchain beacon node fuzzing nimbus prysm lighthouse lodestar

Beaconfuzz – A Journey into Ethereum 2.0 Blockchain Fuzzing and Vulnerability Discovery

linux kernel internals books security android kernel

Top 6 books to learn Linux Kernel internals in 2022

reverse reversing reverse engineering books

Top 5 books to learn Reverse Engineering in 2022

rust rustlang security books rustaceans rust programming language cargo cargo fuzz clippy

Top 6 Books to learn the Rust Programming Language in 2022

ethereum evm solidity audit mythril echidna crytic eth smart contract

Ethereum Smart Contract Analysis & Solidity Audit using Mythril – Blockchain Security #2

Fuzzing Ethereum Smart Contract using Echidna evm solidity Blockchain Security

Fuzzing Ethereum Smart Contract using Echidna – Blockchain Security #1

fuzzing tips advices vulnerability research

Top 5 Best Fuzzing & Vulnerability Research TIPS/ADVICE

wfuzz ffuf faster web fuzzer fuzzing bug bounty

Wfuzz VS ffuf – Who is the faster web fuzzer for bug bounty? Web Security #1

Learn Android Hacking & Security

log4j log4j2 rce log4shell java fuzzing library fuzz testing jazzer code intelligence

Can we find Log4Shell with Java Fuzzing? 🔥 (CVE-2021-44228 – Log4j RCE)

mozilla nss BigSig buffer overflow google project zero

WHY fuzzers MISSED this buffer-overflow in Mozilla NSS library? 🤦‍♂️ (CVE-2021-43527 explained)

scapy protocol fuzzing fuzz testing python

Fuzzing with Scapy: Introduction to Protocol Fuzzing (DNS & TCP packets)

fuzzing chrome browser fuzz testing dom grammar based fuzzing freedom dharma firefox

Fuzzing Browsers DOM using FreeDom grammar-based fuzzer

fuzzing firefox browser in-process fuzz testing frida hook

Fuzzing Firefox using In-process Fuzzing with Frida

Learning Hacking & Fuzzing books ressources

blackbox fuzzing binary-only afl aflplusplus afl++ qemu

Introduction to Blackbox Fuzzing

javascript fuzzing fuzz testing js jsfuzz

Introduction to JavaScript Fuzzing

fuzzing java code jazzer code intelligence oss fuzz fuzzing patrick ventuzelo fuzzinglabs jql

Fuzzing Java code using Jazzer

fuzzing c cplusplus c++ program code honggfuzz afl patrick ventuzelo fuzzinglabs fuzz testing

Fuzzing C/C++ program using honggfuzz

fuzzing labs golang go gofuzz go-fuzz fuzz testing code package library

Introduction to Fuzzing Golang

fuzzing labs python fuzz testing code package library pythonfuzz

Introduction to Fuzzing Python

fuzzing fuzz testing rust rustlang library patrick ventuzelo libfuzzer cargofuzz fuzzinglabs honggfuzz

Introduction to Rust fuzzing

reversing, wasm, webassembly, ethereum , ewasm, ethcc, training, security, blockchain, smart contract, patrick, ventuzelo

Reversing Ewasm contract 101 – EthCC 2020

Fuzzing npm/nodejs WebAssembly parsing library with jsfuzz

dharma wasm fuzzing webassembly training security

Fuzzing JavaScript WebAssembly APIs using Dharma/Domato (Chrome/v8)

polyglot html js webassembly wasm module security patrick ventuzelo training

How to create a valid polyglot HTML/JS/WebAssembly module

google keep wasm webassembly module patrick ventuzelo security analysis ink Sketchology protobuf webgl

Analysis of Google Keep WebAssembly module

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

We offers a wide-range of advanced fuzzing/security trainings and consulting services around Rust, C/C++, Golang, WebAssembly, Browser and Blockchain security. We provide online courses and public trainings at multiple security conference.

Online Courses

Blockchain Security

Private Trainings

Any questions about our services and trainings ?

Get in touch today with any questions that you might have.

Exclusive online and private

Fuzzing & Security Trainings

COURSE OUTLINE

Day 1 - Rust Security Audit and Code Review

Day 2 - Finding Bugs automatically using Fuzzing

Practical Web Browser Fuzzing

COURSE OUTLINE

Module 1: Introduction to Browser Fuzzing

Module 2: Fuzzing DOM & Rendering engines

Module 3: Fuzzing JavaScript Engines & JIT Compilers

Module 4: Fuzzing WebAssembly Compilers & APIs

Module 5: Fuzzing IPC and other Components

COURSE OUTLINE

Day 1 - WebAssembly Reversing

Day 2 - Real-life Modules Analysis

Day 3 - Wasm Modules Vulnerabilities

Day 4 - Vulnerability Research inside Wasm VM

COURSE OUTLINE

COURSE OUTLINE

Day 1 - Go Security Audit and Code Review

Day 2 - Finding Bugs automatically using Fuzzing

We taught Startup & Fortune 500 companies

FREE Courses & Trainings

Enter your email and we'll send you a bundle of awesome resources. 100% free - 100% awesome.

Latest Blogposts