Exclusive online and private
Fuzzing & Security Trainings
Rust is a strongly typed and safe systems programming language developed by Mozilla. Over the years, it has become the language of choice to build memory-safe programs while maintaining high performance at scale. Rust is usually used for file format and protocol parsers but also on critical projects like in the new high-performance browser engine, Servo.
However, coding using memory-safe language doesn’t mean the code will be bug-free. Different kinds of rust security vulnerabilities like overflows, DoS, UaF, OOB, etc. can still be found and sometimes exploited to achieve remote code execution (RCE).
The goal of this course is to give you all the prerequisites to understand which kind of vulnerability can be found inside Rust code. You will learn how to find low-hanging fruit bugs manually and automatically using Rust security auditing tools. Finally, you will discover how to build custom Rust fuzzers, triage/debug crashes and improve your code coverage using different techniques.
Along this training, students will deal with a lot of hands-on exercises allowing them to internalize concepts and techniques taught in class.
COURSE SYLLABUS
Module 1 - Rust Audit & Code Review
- Introduction to Rust and its Ecosystem
- Security concepts
- Ownership, Borrowing and Lifetime
- Rust most common vulnerabilities
- Error handling & Unwrapping, Panicking macros, Arithmetic errors
- Index out of bound, Stack overflow, resource exhaustion (OOM)
- Unsafe codes
- Tooling and Sanitizers (ASAN, MSAN, etc.)
- Out of bound access (OOB), Use-after-free (UAF), Double free, Memory leak, Data Races and Race Conditions
- Rust advanced vulnerabilities
- Logic bugs, FFI, Cryptographic issues, Uninitialized & Zeroing memory
- Attack surface discovery & Auditing tools
Module 2 - Rust Fuzzing & Crash Analysis
- Fuzzing Introduction and Workflow
- Coverage-guided Fuzzing in Rust
- cargo-fuzz, afl-rs, honggfuzz-rs
- Improve your Fuzzing Process
- Code coverage, Corpus selection, Corpus minimization
- Crashes Triaging and Debugging
- Structure-aware & Grammar-based Fuzzing
- Other Advanced Testing techniques
- Symbolic Execution, Formal verification
- Differential Fuzzing
- Writing Custom Rust Fuzzers
Prerequisites
Who should attend?
- Familiarity with Linux and Rust.
- A working laptop capable of running virtual machines
- 4GB RAM required, at a minimum
- 40 GB free Hard disk space
- VirtualBox
- Administrator/root access MANDATORY
This course is suitable for people that are new to Rust. All the theory and concepts about Rust security and Rust fuzz testing will be explained during the course.
- Software developers
- Security engineers
- Vulnerability researchers
- Bug bounty hunters
- Pentesters & Red team professionals
- Anyone who want to learn more about Rust security & fuzzing
Web Browsers are one of the most used and critical software in the world. Using millions of lines of code, they are in charge of handling, sanitizing, and interpreting all kinds of (untrusted) data coming from the web. To be honest, It’s just impossible for developers to write such complex pieces of software (involving compilers, interpreters, and parsing libraries) without introducing any bugs.
As shown in the last years, Fuzz testing is by far the most efficient and scalable testing technique to find software bugs. In this training, we will apply fuzzing to find critical vulnerabilities in different web browser implementations.
First, this course will give you all the prerequisites to understand the architecture and major components of modern web browsers. Then, you will create and set up a testing environment allowing you to easily replay, debug, minimize and analyze existing issues, CVEs, and PoCs. Over dedicated modules, you will discover and fuzz the main browser components such as DOM, JS engines, JIT compilers, WebAssembly, IPC. You will learn how to use famous tools (Domato, Dharma, Fuzzilli, Frida) and create your custom fuzzers to apply different fuzzing techniques (coverage-guided, grammar-based, in-process fuzzing) to find vulnerabilities/bugs.
A lot of hands-on exercises will allow you to internalize concepts and techniques taught in class. This course will mainly focus on Google Chrome, Firefox, and WebKit/JSC.
COURSE OBJECTIVES
Learning objectives
Prerequisites
Who should attend?
- Discover the architecture and components of modern web browsers.
- Learn how to create a testing environment for browser fuzzing.
- Analyze existing CVEs, issues, and PoCs to learn from other researchers.
- Discover how to use and customize the most famous browser fuzzing tools.
- Learn how to replay, minimize and analyze crashes.
- Learn how to apply different fuzzing techniques against browser components.
- Familiarity with scripting (Python, Bash) and Linux.
- Familiarity with C/C++ and JavaScript.
- A working laptop capable of running virtual machines
- 8GB RAM required, at a minimum
- 80 GB free Hard disk space
- VirtualBox
- Administrator/root access MANDATORY
- Security engineers
- Vulnerability researchers
- Bug bounty hunters
- Anyone who want to learn more about browser internals and fuzzing
COURSE SYLLABUS
Module 1: Introduction to Browser Fuzzing
- Introduction to Fuzzing
- Modern Browser Architecture & major Components
- Setting up a Testing and Debugging environment
- Compile and Explore famous browser codebases
- Fuzzing Web Browsers Fundamentals
- Improving your Fuzzing Workflow & Automation
Module 2: Fuzzing DOM & Rendering engines
- Introduction to the Rendering engine
- HTML/CSS/XML Parsing
- Analysis of existing CVEs, Issues, and PoCs
- Blink, Gecko & WebKit Fuzzing
- DOM rendering & Implementation
- Fuzzing DOM using Grammar-based Fuzzing
Module 3: Fuzzing JavaScript Engines & JIT Compilers
- JavaScript Engine Internals & APIs
- Memory management and Garbage collection
- Analysis of existing CVEs, Issues, and PoCs
- V8, Spidermonkey & JavaScriptCore Fuzzing
- JIT compilers Internals
- TurboFan and IonMonkey Fuzzing
Module 4: Fuzzing WebAssembly Compilers & APIs
- Introduction to WebAssembly
- VM Architecture & Implementation
- Analysis of existing CVEs, Issues, and PoCs
- Fuzzing WebAssembly JavaScript APIs
- WebAssembly compilers internals
- WebAssembly In-process Fuzzing
Module 5: Fuzzing IPC and other Components
- Inter-Process Communication (IPC) Internals
- Analysis of existing CVEs, Issues, and PoCs
- Fuzzing Chrome Mojo/Legacy IPC
- Discovery of other Components Implementation
- Networking/Data Persistence APIs
- Fuzzing Media and other Plugins
This courses will give you all the prerequisites to understand what’s a WebAssembly module and its associated virtual machine. At the end of this intensive 4 days, you will be able to reverse statically and dynamically a WebAssembly module, analyze its behavior, create detection rule and search for vulnerabilities and security issues. You will learn which security measures are implemented by the WebAssembly VM to validate and handle exceptions. Finally, you will discover how to find vulnerabilities inside WebAssembly VMs (Web-browsers, Standalone VM) using differents fuzzing techniques.
Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.
COURSE SYLLABUS
Module 1 - WebAssembly Reverse Engineering
- Introduction to WebAssembly ecosystem
- WebAssembly compilation and toolchain
- Instructions set and Debugging WebAssembly module
- WebAssembly binary and Text Format
- WebAssembly Module reversing
- CFG & Call Graph reconstruction
- Data Flow Graph analysis
Module 2 - Advanced WebAssembly Modules Analysis
- Modules Instructions analytics/metrics
- Cryptominers analysis and Pattern detection signatures
- Dynamic Binary Instrumentation (DBI)
- Bytecode (De)-Obfuscation techniques
- Static Single Assignment (SSA) & Decompilation
- Hacking WebAssembly video game
COURSE OBJECTIVES
Learning objectives
Prerequisites
Who should attend?
- Learn what is WebAssembly and what’s inside a WebAssembly module.
- Discover the architecture of the WebAssembly virtual machine.
- Learn how to analyze statically and dynamically real-life wasm modules.
- Discover how to hack video games running on your browsers using WebAssembly.
- Basic reverse engineering skills.
- Familiarity with scripting (Python, Bash).
- SKILL LEVEL: BEGINNER / INTERMEDIATE
- A working laptop capable of running virtual machines
- 4GB RAM required, at a minimum
- 40 GB free Hard disk space
- VirtualBox
- Administrator / root access MANDATORY
- IDA Pro would be helpful but not required
This course is suitable for people that are new to WebAssembly. All the theory and concepts about WebAssembly reversing will be explained during the course.
- Software developers
- Security engineers
- Vulnerability researchers
- Bug bounty hunters
- Pentesters & Red team professionals
- Anyone who want to learn more about C/C++ fuzzing
This course will teach you everything you need to know to start fuzzing C/C++ source code using different fuzzing techniques. You will learn how to use famous coverage-guided fuzzing framework (afl, libfuzzer, honggfuzz) and create custom fuzz target harnesses. Then, you will learn how to evaluate and improve your fuzzing results, debug and analyze crashes. Finally, you will discover some other more advanced testing techniques to find in-depth bugs. During the all training, you will target real-life/popular C/C++ libraries.
Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.
COURSE SYLLABUS
- Introduction to Fuzzing
- Coverage-guided Fuzzing
- afl / honggfuzz
- Improve your Fuzzing workflow
- Corpus/inputs selection
- Code coverage / Corpus minimization
- Crashes Analysis
- Crashes minimization / Bucketing / Debugging / Root cause analysis
- In-Memory fuzzing
- libfuzzer / afl / honggfuzz
- Generation-based fuzzing
- Structure-aware
- Grammar-based Fuzzing with dictionaries
- Other Advanced Testing techniques
- Symbolic Execution / Concolic Execution
- Differential Fuzzing
Prerequisites
Who should attend?
- Familiarity with Linux and C/C++.
- A working laptop capable of running virtual machines
- 4GB RAM required, at a minimum
- 40 GB free Hard disk space
- VirtualBox
- Administrator/root access MANDATORY
This course is suitable for people that are new to C/C++. All the theory and concepts about C/C++ fuzz testing will be explained during the course.
- Software developers
- Security engineers
- Vulnerability researchers
- Bug bounty hunters
- Pentesters & Red team professionals
- Anyone who want to learn more about C/C++ fuzzing
Go (golang) is a statically typed and compiled programming language designed by Google. Over the years, it has become a language of choice for developers to build concurrency backend applications while maintaining high performance at scale.
This course teaches you all the prerequisites to understand which kind of vulnerability can be found inside Go code. You will learn how to find low-hanging fruit bugs manually and automatically using different Go auditing tools. You will discover how to use existing Go fuzzing coverage-guided frameworks, triage/debug crashes, and improve your code coverage. Finally, you will discover how to build custom Go fuzzers and implement advanced fuzzing techniques to find in-depth bugs on popular Go packages.
Along this training, students will deal with a lot of hands-on exercises allowing them to internalize concepts and techniques taught in class.
COURSE SYLLABUS
Module 1 - Go Security Audit and Code Review
- Introduction to Go and its Ecosystem
- Security concepts
- Memory safety, Garbage collector
- Error handling, Concurrency
- Golang common vulnerabilities
- Panicking function
- Arithmetic errors
- Out-of-bounds panics
- SIGSEGV / Nil pointer dereference
- Resource exhaustion / OOM, Stack overflow
- Advanced vulnerabilities
- Unsafe code
- Data races, Race conditions,
- Memory Leak, Logic errors, Concurrency issues
- Web App Vulnerabilities (SQLI, XSS, etc.)
- Attack surface discovery & Auditing tools
Module 2 - Go Fuzzing & Crash Analysis
- Introduction to Fuzzing
- Coverage-guided Fuzzing
- go-fuzz, libfuzzer, testing/fuzz
- Fuzz testing workflow
- Corpus/inputs collection, Code coverage
- Corpus minimization
- Crashes Analysis
- Bucketing, Crashes minimization, Debugging, Root cause analysis
- Generation-based fuzzing
- Grammar-based & Structure-aware Fuzzing
- Advanced testing techniques
- Property-based testing, Concolic Testing
- Differential fuzzing / Writing custom fuzzers
Prerequisites
Who should attend?
- Familiarity with Linux and Go.
- A working laptop capable of running virtual machines
- 4GB RAM required, at a minimum
- 40 GB free Hard disk space
- VirtualBox
- Administrator/root access MANDATORY
This course is suitable for people that are new to Go. All the theory and concepts about Go security and Go fuzz testing will be explained during the course.
- Software developers
- Security engineers
- Vulnerability researchers
- Bug bounty hunters
- Pentesters & Red team professionals
- Anyone who want to learn more about Go security & fuzzing
