Advanced Fuzzing & Security Trainings

We offers a wide-range of advanced fuzzing/security trainings and consulting services around Rust, C/C++, Golang, WebAssembly and blockchain security. We also provide online courses and public trainings at multiple IT security conference.

Online Courses

After a lot of requests from our clients, we have decided to provide actual and under development trainings available fully online. If you are interested and want an early access to the courses once published, don’t forget to provide your mail in the newsletter form below.

Trainings

We offer the world’s first training about WebAssembly security in 4 to 5 days format. We have also developed an exclusive training about Rust security that required only 2 days. Customization is possible for online and on-site trainings, but need to be requested as soon as possible.

Services

We offers a wide-range of Fuzzing, WebAssembly and Rust consulting services to our clients. We help them to develop and secure their own software, including trainings to boost employee qualification, code audits, as well as vulnerability assessments and custom fuzzing development.

Exclusive online and private

Fuzzing & Security Trainings

Rust Security
WebAssembly Security
C/C++ FUZZING

Rust Security Audit and Fuzzing

This goal of this course is to give you all the prerequisites to understand which kind of vulnerability can be found inside Rust code. You will learn how to find low hanging fruits bugs manually and automatically using Rust auditing tools. Finally, you will discover how to build custom Rust fuzzers, triage/debug crashes and improve your code coverage using differents techniques.

Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.

COURSE OUTLINE

Day 1 - Rust Security Audit and Code Review

Introduction to Rust
Security concepts & Ownership
Panicking macros
Error handling & Unwrapping
Unsafe codes
Attack surface discovery
Rust vulnerabilities & impacts
Uninitialized & Zeroing memory
Rust Security Auditing tools

Day 2 - Finding Bugs automatically using Fuzzing

Setup fuzzers easily (cargo-fuzz, afl-rs, honggfuzz-rs)
Crashes Triaging
Structure-aware Fuzzing
Debugging / Bugs analysis
Code coverage
Grammar-based Fuzzing
Corpus minimization
Sanitizers (ASAN, MSAN, …)
Symbolic execution

WebAssembly Security Analysis and Fuzzing

This courses will give you all the prerequisites to understand what’s a WebAssembly module and its associated virtual machine. At the end of this intensive 4 days, you will be able to reverse statically and dynamically a WebAssembly module, analyze its behavior, create detection rule and search for vulnerabilities and security issues. You will learn which security measures are implemented by the WebAssembly VM to validate and handle exceptions. Finally, you will discover how to find vulnerabilities inside WebAssembly VMs (Web-browsers, Standalone VM) using differents fuzzing techniques.

Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.

COURSE OUTLINE

Day 1 - WebAssembly Reversing

Introduction to WebAssembly
WebAssembly VM architecture
WebAssembly toolchain
Writing examples in C/C++/Rust/C#
Debugging WebAssembly module
WASM binary format (header, sections)
WebAssembly Text Format (wat/wast)
WebAssembly Instructions set
Coding with WASM Text format
Reversing WebAssembly module
CFG & CallGraph reconstruction
DataFlowGraph analysis
Browser Addons reversing

Day 2 - Real-life Modules Analysis

Modules Instructions analytics/metrics
WASM cryptominers analysis
Pattern detection signatures (YARA)
Taint Tracking
Dynamic Binary Instrumentation
Bytecode (De)-Obfuscation techniques
Static Single Assignment & Decompilation
Real-life WASM module analysis
Hacking WebAssembly video game

Day 3 - Wasm Modules Vulnerabilities

Traps & Exception handling
WebAssembly module vulnerabilities
Integer/Buffer/Heap Overflows
Advanced vulnerabilities (UaF, TOCTOU…)
CFI Hijacking
Emscripten vulnerabilities
Exploitation NodeJS server running wasm module
Vulnerability detection (Static & Dynamic)
Lifting WASM bytecode
Fuzzing WebAssembly modules

Day 4 - Vulnerability Research inside Wasm VM

Web-Browsers vulnerabilities analysis (CVEs PoC)
WebAssembly VM & Interpreter vulnerabilities
WebAssembly JS APIs generation
Fuzzing Web-Browsers (Chrome, Firefox, WebKit)
WASM module validation mechanism
Writing edge case module
WAT, WAST & WASM
grammar generation
Blockchain VM targets
Fuzzing C/C++/Rust/Go WASM project
WebAssembly for Security Researcher
In-memory fuzzing everything using WebAssembly & Frida

C/C++ WHITEBOX FUZZING

This course will teach you everything you need to know to start fuzzing C/C++ source code using different fuzzing techniques. You will learn how to use famous coverage-guided fuzzing framework (afl, libfuzzer, honggfuzz) and create custom fuzz target harnesses. Then, you will learn how to evaluate and improve your fuzzing results, debug and analyze crashes. Finally, you will discover some other more advanced testing techniques to find in-depth bugs. During the all training, you will target real-life/popular C/C++ libraries.

Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.

COURSE OUTLINE

Introduction to Fuzzing
Coverage-guided Fuzzing
- afl / honggfuzz
Improve your Fuzzing workflow
- Corpus/inputs selection
- Code coverage / Corpus minimization
Crashes Analysis
- Crashes minimization / Bucketing / Debugging / Root cause analysis
In-Memory fuzzing
- libfuzzer / afl / honggfuzz
Generation-based fuzzing
- Structure-aware
- Grammar-based Fuzzing with dictionaries
Other Advanced Testing techniques
- Symbolic Execution / Concolic Execution
- Differential Fuzzing