On This Page

Fuzzing For Vulnerabilities

Chris Bisnett | March 25-26



Overview

As the complexity of modern software increases, vulnerability researchers need additional tools and skills to automate security assessments. Fuzzers provide a means to automate a portion of the assessment to enable researchers to focus their attention on the critical pieces and help increase code coverage.

Fuzzing For Vulnerabilities teaches students how to create fast and effective fuzzers capable of finding vulnerabilities in nearly any software. Unlike other fuzzing courses, Fuzzing For Vulnerabilities does not focus on a specific fuzzing framework but teaches students the fundamentals behind fuzzing and guides them through the development of their own fuzzers based on these techniques.

The course starts with an overview of the fuzzing process, covering how to setup and configure the target software, detect crashes, and save input files. This will be followed by a discussion of generative and mutation based fuzzing techniques including random dumb fuzzers, block based fuzzers, and the often overlooked grammar based fuzzers. The course finishes with a discussion on automated crash analysis in an attempt to determine crash uniqueness.

Fuzzing For Vulnerabilities contains a large section of advanced fuzzing techniques to enhance fuzzing efficiency and effectiveness. Advanced topics include: using AddressSanitizer to enhance vulnerability detection, collecting code coverage statistics, corpus distillation, in-memory fuzzing, differential fuzzing, and introduces input generation from con colic execution.

Fuzzing For Vulnerabilities takes a hands-on approach to learning to develop fuzzers. Students will be fuzzing video and audio file formats in an attempt to find zero-day vulnerabilities. The targeted software was specifically chosen by the instructors because of its wide distribution and relatively large attack surface. Student exercises have been developed using Python and Ruby. Students therefore are encouraged to develop their fuzzers using one or both of these languages to receive the best support from instructors.


Who Should Take This Course

Vulnerability researchers, security consultants, and penetration testers interested in learning how to fuzz software or anyone looking to learn advanced techniques to enhance their fuzzing efforts.


Student Requirements


What Students Should Bring

A laptop capable of running a virtual machine loaded with Windows 7. To optimize fuzzing speed and effectiveness, student laptops should have at least 4 gigabytes of RAM.


What Students Will Be Provided With

Along with the training manual, students will receive example fuzzers and tools developed specifically for this training by the instructors.


Trainers

Chris Bisnett currently works for a defense contractor and was previously enlisted in the U.S. Navy. While enlisted in the Navy, Chris worked as a vulnerability analyst and an operator at the NSA RedTeam. He has extensive experience reverse engineering proprietary protocols and developing fuzzers. Chris has been developing in C/C++ for more than 10 years and recently attempted to write a C++11 compliant compiler as part of the C++ Grandmaster challenge. He is also interested in applying SMT solvers to automate and enhance vulnerability discovery. When not working, Chris enjoys participating in hacker capture-the-flag events.