On This Page

Fuzzing For Vulnerabilities

Chris Bisnett | March 24-25



Overview

In the last decade an enormous amount of time and money has been spent in an effort to eliminate vulnerabilities from software. Despite these efforts it is still possible to find zero-day vulnerabilities in production software using simple fuzzers. The last couple of years have seen numerous companies launch bug bounty programs in an attempt to crowd-source a solution to this problem. Whether you're a member of a development team looking to fuzz your software before release or a researcher looking to find vulnerabilities to score some bug bounty prizes, Fuzzing For Vulnerabilities will get you started developing fuzzers and running them against target software.

Fuzzing For Vulnerabilities has been updated based on previous student feedback and incorporates new material and labs.

The course will cover the following topics:
  • Fuzzing Overview - An introduction to the fundamental techniques of fuzzing including mutation-based and generative-based fuzzers, and covers the basics of target instrumentation.
  • Dumb Fuzzing - An overview of the benefits and drawbacks of generic fuzzers, which have little to no insight into the format of the data being fuzzed.
  • Smart Fuzzing - An in-depth discussion of specialized mutation-based and generative-based fuzzers, choosing fuzzed values to increase the likelihood of a crash, and using protocol specifications as a guide to develop a fuzzer.
  • Advanced Techniques - Covers advanced techniques to increase fuzzer efficiency and effectiveness. Topics include: using Address Sanitizer to enhance vulnerability detection, collecting code coverage statistics, corpus distillation, in-memory fuzzing, differential fuzzing, and introduces whitebox fuzzing (input generation).
  • Crash Analysis - Discussion of tools and methods that aid in analyzing large numbers of crashes to determine uniqueness and give a hint at the severity.

Who Should Take this Course

Software developers, vulnerability researchers, security consultants, and penetration testers interested in learning how to fuzz software or anyone looking to learn advanced techniques to enhance their fuzzing efforts.

Student Requirements

  • Comfortable developing in Python or Ruby.
  • Basic knowledge of C/C++ and common data-types.
  • Basic understanding of memory corruption vulnerabilities.

What Students Should Bring

A laptop capable of running a Windows 7 virtual machine. To optimize fuzzing speed and effectiveness, student laptops should have at least 4 gigabytes of RAM.

What Students Will Be Provided With

Along with the training manual, students will receive example fuzzers and tools developed specifically for this training by the instructors.

Trainers

Chris Bisnett is currently a security researcher at Oceans Edge. Chris has worked as a defense contractor for the U.S. government and as a vulnerability analyst at the NSA RedTeam. He has extensive experience reverse engineering proprietary protocols and developing fuzzers. When not working, Chris enjoys participating in hacker capture-the-flag events.