Live Online Training
Presented By: David Korczynski
The 4 day course will take place online on the 13 to 16 September 2021
The price is £2,000 (inc VAT/£1666.67 ex VAT).
Prerequisites
In the course we will be reading a lot of C/C++ code, so it is expected that students are familiar with reading source code in these languages and also writing small applications.
Course Syllabus
- Introduction and core concepts behind modern fuzzing
- This section introduces and gives an overview of the course. We cover some high-level topics around fuzzing and the goal is to give an intuition for the concepts behind fuzzing that can then be used during the hands-on approach throughout the course.
- Modern coverage-guided fuzzer
- Coverage-guided fuzzing is the de-facto standard for fuzzing. This section gives a complete end-to-end introduction to modern coverage-guided fuzzing. This includes writing a first set of initial simple fuzzers, understanding how bugs are detected and finally integrating fuzzing into a real-world project that has been developed for many years.
- Efficient and effective fuzzing
- This section builds on the previous section by going into important techniques that can make your fuzzing more effective. During the presentation of the techniques we will remain focused on applying these to real-world projects.
- Structure-aware fuzzing
- This section covers the concepts of structure-aware fuzzing. The emphasis on structure-aware fuzzing is to apply the ideas of fuzzing in contexts where the input to our target is highly structured data. We will cover several concrete structure-aware techniques, including grammar-based fuzzing.
- In-depth case studies
- Throughout the course we have applied our apply fuzzing on real-world projects from the start. However, some real-world projects are so complex that they deserve more attention and the goal of this section is to cover these exact projects. This section will go into more details with complex targets and show how the techniques we have covered throughout the course are materialised in modern real-world complex applications.
- Fuzzing managed languages
- This presents fuzzing of managed languages focusing on Python, Go and Rust. This includes what type of bugs to expect when fuzzing managed languages and more.
Who should attend
- Security engineers
- Penetration testers
- Vulnerability researchers
- Red team professionals
- Program analysis researchers
- Software developers
About the instructors
The main instructor of the course is David Korczynski. David is a specialist in automated program analysis and has worked in the field of automated vulnerability analysis for many years. This includes working a lot with techniques like fuzzing, symbolic execution and various static analysis methods. He has worked in software security labs in both industry and academia, and holds a PhD from Oxford University specialising in program analysis and reverse engineering. David leads Ada Logics where he directs research and development efforts and is also the main instructor for several of our courses.
