REcon 2025 - Training Announcement

Fuzzing Windows Userland Applications Training

Recon Fuzzing Windows Userland Applications Training by FuzzingLabs

Master the art of uncovering vulnerabilities in Windows applications with our in-depth Windows Fuzzing training at ReCon 2025! This hands-on course will guide you through the fundamentals of fuzzing, advanced techniques like grammar-based and symbolic execution, and real-world applications targeting browsers, antivirus software, and more. Led by Patrick Ventuzelo and Kylian Boulard de Pouqueville, this training is your gateway to becoming proficient in identifying and analyzing critical security flaws in Windows environments.

Overview

Windows applications are a critical focus for vulnerability research due to their widespread use and inherent complexity. This hands-on training is designed to equip participants with the skills to identify, fuzz, and analyze vulnerabilities in popular Windows userland applications such as PDF viewers, browsers, and antivirus software. Beginning with foundational concepts like PE file structures, memory management, and common vulnerabilities, attendees will gain practical experience using tools like WinDbg for debugging and analysis, setting the stage for effective fuzzing techniques.

The training progresses into advanced fuzzing methodologies, covering topics like coverage-guided fuzzing with WinAFL, grammar-based techniques for structured inputs, and symbolic execution for deeper path exploration. Participants will work on real-world fuzzing challenges, targeting complex applications while learning to manage fuzzing output, debug crashes, and perform root cause analysis. By the end of the course, attendees will have the expertise to tackle diverse fuzzing projects, uncover critical vulnerabilities, and contribute effectively to enhancing software security.

Dates: 23rd-26th of June 2025

Location: ReCon (Montreal, Canada)

Duration: 4 days

Level: Beginner

Instructors: Patrick Ventuzelo & Kylian Boulard de Pouqueville

Price: $5500 (before May 1st) / $6000

Capacity: 25 participants

Schedule

Day 1

  • Fuzzing Essentials with winAFL (Module 1)

Day 2

  • Vulnerability Discovery, Fuzzing Improvement, and Coverage Analysis Using Jackalope (Module 2)

Day 3

  • Structural Fuzzing and Symbol-less Reversing on PDF Applications (Module 3)

Day 4

  • Snapshot Fuzzing (Module 4)

Your Instructors


Patrick Ventuzelo

Patrick Ventuzelo is a senior security researcher, CEO & founder of FuzzingLabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, and published various blog posts, videos, and tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, RingZer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.


Kylian Boulard de Pouqueville

Kylian Boulard de Pouqueville is a security researcher at FuzzingLabs, specializing in vulnerability research in Windows environments. He began his journey into cybersecurity by diving into malware development (Maldev), which fueled his deep understanding of Windows internals. This expertise led him to FuzzingLabs, where he now focuses on research into both userland and kernel-land vulnerabilities in Windows environments. Outside of his research, Kylian enjoys developing low-level software and reverse engineering.

Topics Covered

Module 1: Fuzzing Essentials with winAFL

The first day of training introduces foundational fuzzing techniques, emphasizing the use of winAFL on libraries. Participants will delve into core fuzzing concepts, including effective corpus generation and advanced techniques to enhance the fuzzing harness. Hands-on exercises will guide participants in creating a basic harness to handle various archive formats. A practical case study on code execution vulnerabilities in WinRAR illustrates real-world applications of fuzzing within Windows environments.

🛠 Main Target Applications

  • LibArchive – Open-source C library for reading and writing streaming archives.
  • WinRAR – Widely-used file archiver for Windows, providing case-study insights.

📌 Key Topics

  • winAFL – Windows-based fuzzer for testing applications for vulnerabilities.
  • Fuzzing Fundamentals – Concepts, corpus generation, and techniques for optimizing fuzzing outcomes.
  • Fuzzing Internals – Deep dive into how fuzzing tools interact with binaries and libraries on Windows.

🎯 Learning Objectives

✔️ Understand essential Windows internals relevant to fuzzing.
✔️ Learn introductory fuzzing techniques.
✔️ Develop skills to create a well-structured fuzzing corpus.

Module 2: Vulnerability Discovery, Fuzzing Improvement, and Coverage Analysis Using Jackalope

On the second day, the training focuses on fuzzing IrfanView using tools such as winAFL, Jackalope, and Lighthouse to enhance analysis and triaging processes. Participants will learn essential triaging techniques, conduct coverage analysis, and apply debugging strategies to uncover vulnerabilities.

In a hands-on lab, participants will rediscover a remote code execution (RCE) vulnerability in PSP files and expand their fuzzing skills by working with WEBP formats. A comprehensive ZDI report on fuzzing IrfanView provides insights into professional vulnerability research practices.

🛠 Main Target Application

  • IrfanView – An image viewer application that serves as a learning case for vulnerability research and analysis.

📌 Key Topics

  • winAFL – Fuzzing tool tailored for Windows applications.
  • Jackalope – Cross-platform fuzzing tool for Windows/Linux/macOS.
  • Lighthouse – Code coverage visualizer for analyzing fuzzing effectiveness.

🎯 Learning Objectives

✔️ Learn techniques for triaging vulnerabilities found during fuzzing.
✔️ Gain skills in coverage analysis to assess fuzzing completeness.
✔️ Develop effective debugging practices for vulnerability investigation.

Module 3: Structural Fuzzing and Symbol-less Reversing on PDF Applications

Day three emphasizes grammar-based fuzzing techniques, focusing on applications that handle PDF files, such as PDF-XChange and IrfanView’s PDF plugin. Participants will explore fuzzing methodologies for complex file structures and gain skills in reversing binaries without symbols, a critical technique in real-world vulnerability research.

Key resources include the latest industry reports and an ICSE research paper contextualizing these fuzzing techniques within modern security research.

🛠 Main Target Applications

  • IrfanView PDF Plugin – Target application for handling PDF file fuzzing within IrfanView.
  • PDF-XChange – Popular PDF viewing and editing software.

📌 Key Topics

  • Jackalope – Tool for grammar-based fuzzing.
  • Grammar Techniques – Methods for fuzzing complex file formats.
  • Reversing Without Symbols – Techniques for analyzing binaries without debugging symbols.

🎯 Learning Objectives

✔️ Develop skills in grammar-based fuzzing for structured files like PDFs.
✔️ Learn strategies for reversing and analyzing software binaries without the aid of symbols.

Module 4: Snapshot Fuzzing

Day four shifts focus to snapshot-based fuzzing techniques, using video games as a testing ground. The primary target, Assault Cube, provides a practical example for participants to apply snapshot fuzzing concepts with the wtf framework.

Real-world case studies, including vulnerabilities in Assault Cube’s map parser, highlight the practical impact of these techniques.

🛠 Main Target Application

  • Assault Cube – Open-source, networked first-person shooter game, focusing on map parsing.

📌 Key Topics

  • Snapshot Fuzzing – Techniques for creating and analyzing snapshot-based fuzzing cases.
  • wtf – Snapshot fuzzing framework.

🎯 Learning Objective

✔️ Understand snapshot fuzzing techniques for efficiently testing complex applications.

Prerequisites and requirements

PREREQUISITES

  • Basic to intermediate proficiency in C/C++.
  • Familiarity with Windows internals and debugging tools.
  • Understanding of reverse engineering fundamentals.

HARDWARE REQUIREMENTS

  • Virtualization-capable CPU(s).
  • Minimum 8GB of RAM (for running one or two guest VMs).
  • Minimum 80GB free disk space.
  • Host CPU: Intel.

SOFTWARE REQUIREMENTS

  • Debugging tools for Windows (IDA Pro, WinDbg); a decompiler is recommended.
  • Virtualization Software (VMware, VirtualBox).
  • System administrator access required on both host and guest OSs.

About Us

Founded in 2021 and headquartered in Paris, FuzzingLabs is a cybersecurity startup specializing in vulnerability research, fuzzing, and blockchain security. We combine cutting-edge research with hands-on expertise to secure some of the most critical components in the blockchain ecosystem.

Contact us for an audit or long term partnership!

Any questions about our services and trainings?

Let’s work together to ensure your peace of mind.

Keep in touch with us!

email

contact@fuzzinglabs.com

X (Twitter)

@FuzzingLabs

Github

FuzzingLabs

LinkedIn

FuzzingLabs
