Ruxcon Training

PRACTICAL VULNERABILITY DISCOVERY WITH FUZZING

Brian Gorenc & Abdul-Aziz Hariri

October 19 - 20, Melbourne, Australia

EARLY BIRD

$2800

ENDS July 31

REGULAR

$3000

ENDS August 31

LATE

$3300

STARTS September 01

Prices do not include GST

OVERVIEW

Finding vulnerabilities in modern software requires knowledge of multiple frameworks and an in-depth understanding of thousands of lines of code. Manually auditing these sizeable code bases is impractical without the aid of automation. This course is designed to introduce students to the concept of vulnerability discovery through fuzzing, triaging security vulnerabilities, and determining the exploitability of crashing conditions.

The course exposes students to techniques for quickly identifying common patterns in specifications that produce vulnerable conditions, teaches the process of building a successful fuzzer, and highlights public fuzzing frameworks that produce quality results. These concepts will be reinforced with "real world" case studies that demonstrate the fundamentals being introduced. By the end of the course, students will be able to leverage existing fuzzing frameworks, develop their own test harnesses, integrate publicly available data generation engines, and automate the analysis of crashing test cases.

Some of the topics to be covered include:

  • Protocol and specification analysis
  • Mutational and grammar-based input generation
  • Target monitoring using custom developed test harnesses
  • Best practices in analyzing software exceptions
  • Tips and guidance on how to discover 0-day vulnerabilities