Applied Source Code Fuzzing

For developers, attackers and defenders
Online course

Abstract

This course teaches you the foundations of fuzzing and how to apply them to real-world, complex software. The course focuses on source-based fuzzing, which means that we only fuzz software for which the source code is available. It gives a deep and comprehensive view of fuzzing, and there is a lot of material to cover: we do not just show how to run a few commands, we go deep into the code of both the targets and the fuzzers, find bugs in real-world projects, and more. After completing the course you will be able to fuzz professionally at a high level.

Throughout the course there are several exercises and assignments. The assignments ask you to fuzz real-world software, and you receive personalised feedback on your work. In addition, you can ask the instructor any question at any stage, so you have maximum flexibility to learn in your own way and at your own pace.

The course is heavily focused on real-world practice, so you will fuzz many real-world projects. You will learn how to surgically target your analysis at specific parts of the application you are analysing, and to do so against some of the most complex applications in the world, such as Chromium.

Student reviews:

"I did several trainings on fuzzing mainly at security conferences and this training now is by far the most useful one. No shenanigans, straight to the point, good explanations and demonstrations. I’ll recommend this to everyone looking for serious fuzzing training." Lead testing engineer.
"I'm really enjoying the course so far and have already learned a lot from it, after only 33% of the material." Security consultant.
"I also really like that this course quickly starts looking at "real world" projects and just seeing you going through the whole process on how to approach fuzzing a project has been gold." Security consultant.

Learning objectives

To gain a solid understanding of the foundations and background on fuzzing
To get into details with modern fuzzers, focusing on the popular LibFuzzer
To understand the concepts behind sanitizers and how to use them to find bugs
To get hands-on experience with writing fuzzers for a range of diverse software applications, e.g. parsers, language interpreters, browsers and databases
To reinforce the above knowledge through exercises and hands-on experience against real-world technologies
To understand the concepts of mutation-based fuzzing, generation-based fuzzing, in-memory fuzzing, feedback-based fuzzing and coverage-guided fuzzing
To be able to fuzz efficiently with corpus selection, dictionaries and fuzzing visualisations
To perform complex structure-aware fuzzing, including grammar-based fuzzing and fuzzing of stateful applications
To get hands-on experience with writing fuzzers for real-world applications

Who should attend?

Software developers
Security engineers
Vulnerability researchers
Red team professionals
Program analysis researchers

Prerequisites

In the course we will be reading a lot of C/C++ code, so students are expected to be comfortable reading source code in these languages and writing small programs in them.

Student discount

If you are a full-time student and can prove it, you are eligible for a 25% discount. To claim the student discount, buy the course on our website and note in the message field that you would like the student discount. The discount applies to the full price only; it cannot be combined with early-bird prices.

Why study fuzzing?

Automating the discovery of programming errors in software is a long-standing goal. Fuzzing is one of the core techniques for doing this. The basic idea is to send large amounts of pseudo-random inputs to a target application and, for each input, observe whether it triggers faulty behaviour in the target. The technique has drastically increased in popularity in recent years. For example, the OSS-Fuzz project run by Google found over 16,000 bugs in 250 open source projects between its launch in December 2016 and January 2020.

A great deal of research has gone into fuzzing. Whereas fuzzing was originally introduced as sending large amounts of random inputs, it has evolved into a sophisticated discipline that relies on rigorous program analysis techniques to generate "interesting" inputs in large quantities. Some fuzzers even borrow techniques from software verification to craft inputs in a more calculated way. Fuzzing is particularly useful for finding memory-corruption bugs, which are the usual basis of sophisticated exploits: stack-based and heap-based buffer overflows, out-of-bounds reads and writes, null-pointer dereferences and use-after-free.
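A concrete version of the loop just described, as an added example that is not course material: a libFuzzer harness (`LLVMFuzzerTestOneInput`) around a hypothetical `parse_record` for a constructed length-prefixed format, with a deliberately missing bound check of exactly the kind listed above (a stack-based buffer overflow). Built with clang's `-fsanitize=fuzzer,address`, libFuzzer generates the inputs and ASan reports the overflow. Because that needs a sanitizer, the block also carries a tiny mutation loop (`mutate`, `run_guarded`, `fuzz_find_crash`) that stacks random mutations onto a constructed seed and detects the overflow through a guard region, a crude stand-in for ASan's redzones. The format, the function names and the seed are all assumptions of this example.

```c
/* Added example, not course material: a libFuzzer-style harness around a small,
 * deliberately buggy record parser, plus a stand-alone mutation loop whose guard
 * region stands in for AddressSanitizer's redzones. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REC_MAGIC 0xAB
#define NAME_BUF  32
#define GUARD     512 /* bytes after the record that must stay untouched */
#define CAP       64  /* longest input the mutator will produce */
struct record { uint8_t type; char name[NAME_BUF]; };

/* Constructed format [magic][type][name_len][name bytes]; returns 2 if parsed,
 * 1 if truncated, 0 if the magic is missing. BUG: name_len is bounded by the
 * input length but never by NAME_BUF, so name_len >= NAME_BUF writes past rec->name. */
int parse_record(const uint8_t *data, size_t len, struct record *rec)
{
    if (len < 3 || data[0] != REC_MAGIC) return 0;
    uint8_t name_len = data[2];
    if (len < 3u + name_len) return 1;
    rec->type = data[1];
    memcpy(rec->name, data + 3, name_len); /* missing: name_len < NAME_BUF */
    rec->name[name_len] = '\0';
    return 2;
}

/* libFuzzer entry point: clang -g -O1 -fsanitize=fuzzer,address harness.c -o harness
 * && ./harness. libFuzzer generates the inputs; ASan aborts on the overflow. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    struct record rec;
    parse_record(data, size, &rec);
    return 0;
}

/* Oracle for builds without a sanitizer: parse into a heap block followed by GUARD
 * bytes of 0xCC. Returns the parser result, or -1 if any guard byte changed. */
int run_guarded(const uint8_t *data, size_t len)
{
    uint8_t *block = malloc(sizeof(struct record) + GUARD);
    if (!block) abort();
    memset(block, 0xCC, sizeof(struct record) + GUARD);
    int result = parse_record(data, len, (struct record *)block);
    volatile const uint8_t *guard = block + sizeof(struct record);
    for (size_t i = 0; i < GUARD; i++)
        if (guard[i] != 0xCC) result = -1;
    free(block);
    return result;
}

static uint64_t rng_state; /* xorshift64 so that runs are reproducible */
static uint64_t rng(void) { rng_state ^= rng_state << 13; rng_state ^= rng_state >> 7;
                            rng_state ^= rng_state << 17; return rng_state; }

/* One random mutation: bit flip, byte overwrite, insert (up to cap) or delete
 * (never below one byte). Returns the new length. */
size_t mutate(uint8_t *buf, size_t len, size_t cap)
{
    size_t pos = rng() % len;
    switch (rng() % 4) {
    case 0: buf[pos] ^= (uint8_t)(1u << (rng() % 8)); break;
    case 1: buf[pos] = (uint8_t)rng(); break;
    case 2: if (len < cap) { memmove(buf + pos + 1, buf + pos, len - pos);
                             buf[pos] = (uint8_t)rng(); len++; } break;
    default: if (len > 1) { memmove(buf + pos, buf + pos + 1, len - pos - 1);
                            len--; } break;
    }
    return len;
}

/* Constructed seed: a valid record with a 28-byte name, zero-padded to 40 bytes
 * so that a mutated name_len of up to 37 still passes the truncation check. */
static const uint8_t SEED[40] = { REC_MAGIC, 0x01, 28, 'a','b','c','d','e','f',
    'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x',
    'y','z','0','1' };
static uint8_t found[CAP]; static size_t found_len; /* first crashing input */

/* Mutation-based fuzzing from one seed: each iteration stacks 1..8 random mutations
 * onto a fresh copy of SEED and runs the oracle. Returns the 1-based iteration whose
 * input corrupted the guard (kept in found), or 0 if none did within max_iters. */
unsigned fuzz_find_crash(unsigned max_iters)
{
    uint8_t buf[CAP];
    rng_state = 0x9E3779B97F4A7C15ULL;
    for (unsigned it = 1; it <= max_iters; it++) {
        memcpy(buf, SEED, sizeof SEED);
        size_t len = sizeof SEED;
        for (unsigned n = 1 + (unsigned)(rng() % 8); n; n--) len = mutate(buf, len, CAP);
        if (run_guarded(buf, len) < 0) { memcpy(found, buf, found_len = len); return it; }
    }
    return 0;
}

#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* defined by -fsanitize=fuzzer */
int main(void)
{
    unsigned it = fuzz_find_crash(200000);
    printf("guard corrupted at iteration %u (0 = not found)\n", it);
    return it ? 0 : 1;
}
#endif
```

Built without `-fsanitize=fuzzer`, the file's own main runs the sanitizer-free loop and reports the iteration at which the guard was hit; built with it, libFuzzer supplies main and the guard code is simply unused. The hand-rolled loop has no coverage feedback at all, which is precisely what separates it from LibFuzzer: it finds this bug only because the seed already sits one byte away from it, whereas a coverage-guided fuzzer would also have to discover the magic byte and the length field on its own.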

Fuzzing is popular in industry. The behemoths of the software industry, such as Microsoft and Google, have been fuzzing for more than a decade. DARPA invested more than $55 million in the Cyber Grand Challenge, in which more than 100 teams developed new techniques for automated vulnerability discovery, and the vast majority of the top-performing teams relied on fuzzing as their main way of finding vulnerabilities. Fuzzing has empirically proven itself as a major way of automating bug finding, and the technique has become one of the de facto standards for building secure software.

Key Learning Objectives

Understand the concepts behind modern fuzzing
In-depth understanding of LibFuzzer
Sanitizers and memory corruption overview
How to use fuzzers to find real bugs
How to fuzz parsers
How to fuzz complex real-world applications, e.g. PHP and Chromium
How to fuzz applications that expect highly structured data

You get

Lecture videos
Lecture notes
Hands-on exercises of varying difficulty
24/7 access to the platform and a self-paced course
6-month subscription to the online training platform
Additional 6-month subscriptions at £99 each
Course updates during the subscription period

Price: £999