This course will teach you everything you need to know to start fuzzing C/C++ source code using different fuzzing techniques. You will learn how to use famous coverage-guided fuzzing framework (afl, libfuzzer, honggfuzz) and create custom fuzz target harnesses. Then, you will learn how to evaluate and improve your fuzzing results, debug and analyze crashes. Finally, you will discover some other more advanced testing techniques to find in-depth bugs. During the all training, you will target real-life/popular C/C++ libraries.
Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.
COURSE SYLLABUS
- Introduction to Fuzzing
- Coverage-guided Fuzzing
- afl / honggfuzz
- Improve your Fuzzing workflow
- Corpus/inputs selection
- Code coverage / Corpus minimization
- Crashes Analysis
- Crashes minimization / Bucketing / Debugging / Root cause analysis
- In-Memory fuzzing
- libfuzzer / afl / honggfuzz
- Generation-based fuzzing
- Structure-aware
- Grammar-based Fuzzing with dictionaries
- Other Advanced Testing techniques
- Symbolic Execution / Concolic Execution
- Differential Fuzzing
Prerequisites
Who should attend?
- Familiarity with Linux and C/C++.
- A working laptop capable of running virtual machines
- 4GB RAM required, at a minimum
- 40 GB free Hard disk space
- VirtualBox
- Administrator/root access MANDATORY
This course is suitable for people that are new to C/C++. All the theory and concepts about C/C++ fuzz testing will be explained during the course.
- Software developers
- Security engineers
- Vulnerability researchers
- Bug bounty hunters
- Pentesters & Red team professionals
- Anyone who want to learn more about C/C++ fuzzing
What Students are Saying...
"This course definitely delivered what it says on the tin. I now have a reasonable overview of what's possible with fuzzing and gained on-hands experience. The complexity and depth of this topic makes it infeasible to cover everything in depth in just 2 days. Thankfully Patrick provides a ton of links and book recommendations. I wish to learn more about selecting/generating corpora and how to practically fuzz network services in-process. The lab VM was well setup and enjoyable to use. All in all I'd recommend this course."
Anonymous
Security engineer
"Really clean and interesting training that helps me to understand better what is fuzzing and how to apply it on my C and C++ code."
Anonymous
Software developer
"The best part was building the harness and understanding how to build it. Also this training simplified a lot of things where I was lost due to having a lot of information over the internet."
Anonymous
Security engineer
"Patrick is very skilled in his art. This course covers so much to get into the world of fuzzing. This course even covers how Radamsa can be used from a pentesting perspective. Highly recommend this course to anyone looking to learn more about fuzzing open source applications! "
Brendan.S
Vulnerability researcher
"This training is definitely woth it, a plus will be more exercises e.g. in software like Apache web server, some ftp server, etc."
Anonymous
Vulnerability researcher