Fuzzing Windows Userland Applications

Master Fuzzing on Windows: Find Vulnerabilities, Improve Coverage, and Strengthen Security!

This intensive 4-day training equips participants with cutting-edge fuzzing techniques and real-world applications, focusing on Windows environments, structured file fuzzing, and advanced vulnerability research. The training combines theoretical foundations, practical labs, and case studies to prepare participants for professional fuzzing and vulnerability discovery challenges.

⏳ 32 hours | 🔄 Last updated: 01/2025


What you will learn

Foundations of Windows Fuzzing

Learn the fundamentals of fuzzing with winAFL and understand how to generate effective corpora. Hands-on labs will guide you through setting up fuzzing harnesses, targeting real-world applications like WinRAR and LibArchive, and uncovering vulnerabilities in widely-used software.

Advanced Fuzzing & Vulnerability Discovery

Expand your fuzzing capabilities with Jackalope and Lighthouse for coverage-guided testing and vulnerability triaging. Analyze IrfanView and rediscover a remote code execution vulnerability in PSP files. Gain skills in debugging and vulnerability research methodologies used by professionals.

Structural & Snapshot Fuzzing for Complex Applications

Explore grammar-based fuzzing for complex file formats like PDFs, and learn symbol-less reverse engineering techniques. Apply snapshot fuzzing to video games like Assault Cube and discover real-world security flaws in game engines.

What’s included?

👨‍💻 25+ hands-on exercises & labs
♾️ Lifetime access
📖 280+ digital and printable slides
📝 Assignments to apply your new skills
💯 Certificate of completion

Perfect for…

This course is for anyone looking for a hands-on and pragmatic approach to fuzzing and auditing Windows userland applications, such as:

✔ Security engineers
✔ Vulnerability researchers
✔ Pentesters & Red team professionals

Pricing

Individual / Self-Paced
  $4 400
  • E-Learning

Teams / On Demand (BEST VALUE)
  Starting at $4 200 per participant
  • E-Learning

Private Training
  Starting at $20 000
  • Instructor led
  • In Person or Live Online

Your instructors

Patrick Ventuzelo

Patrick, CEO & Founder of FuzzingLabs, has 7 years of experience training on Rust and Go, applied to fuzzing and reverse engineering.

Nabih Benazzouz

Nabih is a security researcher who specializes in vulnerability research, fuzzing, reverse engineering, and secure system development.


Content

Module 1: Fuzzing Essentials with winAFL

The first day of training introduces foundational fuzzing techniques, emphasizing the use of winAFL on libraries. Participants will delve into core fuzzing concepts, including effective corpus generation and advanced techniques to enhance the fuzzing harness. Hands-on exercises will guide participants in creating a basic harness to handle various archive formats. A practical case study on code execution vulnerabilities in WinRAR illustrates real-world applications of fuzzing within Windows environments.

🛠 Main Target Applications

  • LibArchive – Open-source C library for reading and writing streaming archives.
  • WinRAR – Widely-used file archiver for Windows, providing case-study insights.

📌 Key Topics

  • winAFL – Windows-based fuzzer for testing applications for vulnerabilities.
  • Fuzzing Fundamentals – Concepts, corpus generation, and techniques for optimizing fuzzing outcomes.
  • Fuzzing Internals – Deep dive into how fuzzing tools interact with binaries and libraries on Windows.

🎯 Learning Objectives

✔️ Understand essential Windows internals relevant to fuzzing.
✔️ Learn introductory fuzzing techniques.
✔️ Develop skills to create a well-structured fuzzing corpus.

Module 2: Vulnerability Discovery, Fuzzing Improvement, and Coverage Analysis Using Jackalope

On the second day, the training focuses on fuzzing IrfanView using tools such as winAFL, Jackalope, and Lighthouse to enhance analysis and triaging processes. Participants will learn essential triaging techniques, conduct coverage analysis, and apply debugging strategies to uncover vulnerabilities.

In a hands-on lab, participants will rediscover a remote code execution (RCE) vulnerability in PSP files and expand their fuzzing skills by working with the WEBP format. A comprehensive ZDI report on fuzzing IrfanView provides insights into professional vulnerability research practices.

🛠 Main Target Application

  • IrfanView – An image viewer application that serves as a learning case for vulnerability research and analysis.

📌 Key Topics

  • winAFL – Fuzzing tool tailored for Windows applications.
  • Jackalope – Cross-platform fuzzing tool for Windows/Linux/macOS.
  • Lighthouse – Code coverage visualizer for analyzing fuzzing effectiveness.

🎯 Learning Objectives

✔️ Learn techniques for triaging vulnerabilities found during fuzzing.
✔️ Gain skills in coverage analysis to assess fuzzing completeness.
✔️ Develop effective debugging practices for vulnerability investigation.

Module 3: Structural Fuzzing and Symbol-less Reversing on PDF Applications

Day three emphasizes grammar-based fuzzing techniques, focusing on applications that handle PDF files, such as PDF-XChange and IrfanView’s PDF plugin. Participants will explore fuzzing methodologies for complex file structures and gain skills in reversing binaries without symbols—a critical technique in real-world vulnerability research.

Key resources include the latest industry reports and an ICSE research paper contextualizing these fuzzing techniques within modern security research.

🛠 Main Target Applications

  • IrfanView PDF Plugin – Target application for handling PDF file fuzzing within IrfanView.
  • PDF-XChange – Popular PDF viewing and editing software.

📌 Key Topics

  • Jackalope – Tool for grammar-based fuzzing.
  • Grammar Techniques – Methods for fuzzing complex file formats.
  • Reversing Without Symbols – Techniques for analyzing binaries without debugging symbols.

🎯 Learning Objectives

✔️ Develop skills in grammar-based fuzzing for structured files like PDFs.
✔️ Learn strategies for reversing and analyzing software binaries without the aid of symbols.

Module 4: Snapshot Fuzzing

Day four shifts focus to snapshot-based fuzzing techniques, using video games as a testing ground. The primary target, Assault Cube, provides a practical example for participants to apply snapshot fuzzing concepts with the Wtf framework.

Real-world case studies, including vulnerabilities in Assault Cube’s map parser, highlight the practical impact of these techniques.

🛠 Main Target Application

  • Assault Cube – Open-source, networked first-person shooter game, focusing on map parsing.

📌 Key Topics

  • Snapshot Fuzzing – Techniques for creating and analyzing snapshot-based fuzzing cases.
  • Wtf – Snapshot fuzzing framework.

🎯 Learning Objective

✔️ Understand snapshot fuzzing techniques for efficiently testing complex applications.

Prerequisites

  • Basic to intermediate proficiency in C/C++.
  • Familiarity with Windows internals and debugging tools.
  • Understanding of reverse engineering fundamentals.
  • Virtualization-capable CPU(s).
  • Minimum 8GB of RAM (for running one or two guest VMs).
  • Minimum 80GB free disk space.
  • Host CPU: Intel.
  • Debugging Tools for Windows (IDA Pro, WinDBG) and decompiler recommended.
  • Virtualization Software (VMware, VirtualBox).
  • System administrator access required on both host and guest OSs.

Any questions about our services and trainings?

Get in touch today with any questions that you might have.

Keep in touch with us!

  • Email: contact@fuzzinglabs.com
  • X (Twitter): @FuzzingLabs
  • Github: FuzzingLabs
  • LinkedIn: FuzzingLabs
