44CON

The UK's Best Cybersecurity Event Series

Applied Source Code Fuzzing: 2021

This course teaches you the foundations of fuzzing and how to apply it on real-world complex software. The course provides a deep and comprehensive view of modern fuzzing, and there is a lot of material to cover. We do not just show how to run a few commands – we go deep into the code of targets and fuzzers, with the goal of finding bugs in real-world projects and more. This course will teach you in-depth and pragmatically how to fuzz, and following completion of the course you will be able to apply your skills professionally at a high level.

The course is heavily focused on real-world problems, and because of this you will be fuzzing many real-world software packages in the course. You will learn how to surgically target your analysis towards specific parts of the application you are analysing, and do so against some of the most complex applications in the world such as Chromium.

The 4 day course will take place online on the 13-16 September 2021.

This product is currently out of stock and unavailable.

SKU: 44CON-2021-TRN-ASCF Category: Tags: , , , ,

Live Online Training

Presented By: David Korczynski

The 4 day course will take place online on the 13 to 16 September 2021

The price is £2,000 (inc VAT/£1666.67 ex VAT).

Read more

Prerequisites

In the course we will be reading a lot of C/C++ code, so it is expected that students are familiar with reading source code in these languages and also writing small applications.

Course Syllabus

  1. Introduction and core concepts behind modern fuzzing
    1. This section introduces and gives an overview of the course. We cover some high-level topics around fuzzing and the goal is to give an intuition for the concepts behind fuzzing that can then be used during the hands-on approach throughout the course.
  2. Modern coverage-guided fuzzer
    1. Coverage-guided fuzzing is the de-facto standard for fuzzing. This section gives a complete end-to-end introduction to modern coverage-guided fuzzing. This includes writing a first set of initial simple fuzzers, understanding how bugs are detected and finally integrating fuzzing into a real-world project that has been developed for many years.
  3. Efficient and effective fuzzing
    1. This section builds on the previous section by going into important techniques that can make your fuzzing more effective. During the presentation of the techniques we will remain focused on applying these to real-world projects.
  4. Structure-aware fuzzing
    1. This section covers the concepts of structure-aware fuzzing. The emphasis on structure-aware fuzzing is to apply the ideas of fuzzing in contexts where the input to our target is highly structured data. We will cover several concrete structure-aware techniques, including grammar-based fuzzing.
  5. In-depth case studies
    1. Throughout the course we have applied our apply fuzzing on real-world projects from the start. However, some real-world projects are so complex that they deserve more attention and the goal of this section is to cover these exact projects. This section will go into more details with complex targets and show how the techniques we have covered throughout the course are materialised in modern real-world complex applications.
  6. Fuzzing managed languages
    1. This presents fuzzing of managed languages focusing on Python, Go and Rust. This includes what type of bugs to expect when fuzzing managed languages and more.

Who should attend

  • Security engineers
  • Penetration testers
  • Vulnerability researchers
  • Red team professionals
  • Program analysis researchers
  • Software developers

Read more

About the instructors

The main instructor of the course is David Korczynski. David is a specialist in automated program analysis and has worked in the field of automated vulnerability analysis for many years. This includes working a lot with techniques like fuzzing, symbolic execution and various static analysis methods. He has worked in software security labs in both industry and academia, and holds a PhD from Oxford University specialising in program analysis and reverse engineering. David leads Ada Logics where he directs research and development efforts and is also the main instructor for several of our courses.

Additional information

Date

14-17 June 2021, 13-16 September 2021