{"product_id":"deep-dive-into-fuzzing-zubin-devnani-dhiraj-mishra-dctlv2026","title":"Deep Dive into Fuzzing - Dhiraj Mishra \u0026 Zubin Devnani - DCTLV2026","description":"\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eName of Training\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e Deep Dive into Fuzzing\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eTrainer(s)\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e Dhiraj Mishra \u0026amp; Zubin Devnani\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eDates\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e \u003cmeta charset=\"utf-8\"\u003eAugust 10-11, 2026\u003cbr\u003e\u003c\/span\u003e\u003cspan\u003e\u003cstrong\u003eTime:\u003c\/strong\u003e 8\u003c\/span\u003e\u003cspan\u003e:00 am to 5:00 pm \u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eVenue\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e \u003cmeta charset=\"utf-8\"\u003eLas Vegas Convention Center\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eCost\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e: \u003c\/strong\u003e$2,000 (USD)\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eShort Summary:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eThis course teaches you how to use modern fuzzing techniques to automatically uncover software vulnerabilities and integrate fuzzing effectively into a secure SDLC. You’ll gain hands-on skills in building, running, and scaling fuzzers so you can identify critical flaws early and reduce security risk before software reaches production. \u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eCourse Description: \u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003eAttendees would be emulating techniques which would provide a comprehensive understanding of \"Crash, Detect \u0026amp; Triage\" of fuzzed binaries or software. In \"Deep dive into fuzzing\" we will be covering a detailed overview of fuzzing and how it can be beneficial to professionals in uncovering security vulnerabilities with a hands-on approach through focus on labs.\u003c\/p\u003e\n\u003cp\u003eFinding vulnerabilities in software requires in-depth knowledge of different technology stacks. Modern day software’s have a huge codebase and may contain vulnerabilities, manually verifying such vulnerabilities is a tedious task and may not be possible in all cases. This training is designed in such a way that it introduces the concept of fuzzing and vulnerability discovery in software’s covering multiple platforms such as Linux \u0026amp; Windows and triage analysis for those vulnerabilities.\u003c\/p\u003e\n\u003cp\u003e\u003cspan\u003e\u003cstrong\u003eCourse Outline: \u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eFuzzing taxonomies (generation-based vs mutation-based, coverage-guided fuzzing)\u003c\/li\u003e\n\u003cli\u003eThreat modeling and choosing high-value fuzzing targets\u003c\/li\u003e\n\u003cli\u003eInstrumentation basics (compile-time vs runtime instrumentation)\u003c\/li\u003e\n\u003cli\u003eWriting custom harnesses for effective fuzzing\u003c\/li\u003e\n\u003cli\u003eSeed selection and seed corpus optimization\u003c\/li\u003e\n\u003cli\u003eCode coverage analysis and feedback-driven fuzzing\u003c\/li\u003e\n\u003cli\u003eDictionary creation and protocol grammar hints\u003c\/li\u003e\n\u003cli\u003eHandling timeouts, hangs, and flaky crashes\u003c\/li\u003e\n\u003cli\u003eCrash triage, deduplication, and root-cause analysis\u003c\/li\u003e\n\u003cli\u003eReproducing crashes reliably\u003c\/li\u003e\n\u003cli\u003eExploitation basics: assessing crash exploitability\u003c\/li\u003e\n\u003cli\u003eIntegrating fuzzing into CI\/CD pipelines\u003c\/li\u003e\n\u003cli\u003eScaling fuzzing with parallelization and distributed setups\u003c\/li\u003e\n\u003cli\u003eFuzzing libraries, file formats, and parsers\u003c\/li\u003e\n\u003cli\u003eHybrid fuzzing (fuzzing + static\/dynamic analysis)\u003c\/li\u003e\n\u003cli\u003ePerformance tuning and optimization for long fuzzing runs\u003c\/li\u003e\n\u003cli\u003eCommon fuzzing pitfalls and how to avoid them\u003c\/li\u003e\n\u003cli\u003eFuzzing for memory corruption bugs (heap, stack, use-after-free)\u003c\/li\u003e\n\u003cli\u003eFuzzing real-world open-source targets (case studies)\u003c\/li\u003e\n\u003cli\u003eReporting findings and communicating risk to developers and stakeholders\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eDifficulty Level:\u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eBeginner to Intermediate.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBeginner Definition - The student has an interest in the topic presented and general technology knowledge that a power user or undergraduate student may have acquired.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eIntermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.\u003c\/span\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat Students Should Bring: \u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eAttendees are required to have a system with root\/admin privilege with minimum 8GB RAM and 100 GB disk space with VirtualBox or VMware installed.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat the Trainer Will Provide:\u003c\/strong\u003e\u003cspan style=\"font-family: -apple-system, BlinkMacSystemFont, 'San Francisco', 'Segoe UI', Roboto, 'Helvetica Neue', sans-serif; font-size: 0.875rem;\"\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eThe trainer will provide comprehensive course materials and detailed runbooks covering all labs and exercises, along with access to a dedicated fuzzing server instance that attendees can use to test and run their fuzzing campaigns for two days after the training. Participants will also receive access to a private Slack workspace where they can ask questions, discuss challenges, and get post-training support from the trainer as they continue applying the techniques learned.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eTrainer(s) Bio:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cmeta charset=\"utf-8\"\u003e\u003cspan\u003eDhiraj Mishra is a\u003c\/span\u003en active speaker who has discovered multiple zero-days in modern web browsers and an open-source contributor. He is a trainer at DEF CON, BlackHat, BruCON, 44CON and presented in conferences such as Ekoparty, NorthSec, Hacktivity, PHDays, Hack in Paris \u0026amp; HITB. In his free time, he blogs at www.inputzero.io\/www.fuzzing.at and tweets on @RandomDhiraj.\u003c\/p\u003e\n\u003cp\u003eZubin Devnani is a red teamer by trade, who has identified multiple vulnerabilities in commonly used software. He is a trainer at Blackhat and has delivered multiple workshops, including PHDays and Hacktivity. Utilizes his fuzzing skills in his day to day trade to identify new ways of breaking into enterprises! Blogging at devtty0.io and tweets on @p1ngfl0yd. \u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eProficiency Exam Option:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cmeta charset=\"utf-8\"\u003eThis course has the option for a proficiency certificate add-on. As part of the \"CTC\" capture the crash competition at the end of the course, attendees who successfully demonstrate the fuzzing goal and crash can earn the proficiency certificate. \u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003ePlease reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eRegistration Terms and Conditions: \u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTrainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBetween July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll trainings are non-refundable after August 5, 2026.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTraining tickets may be transferred to another student. Please email us at training@defcon.org for specifics.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eIf a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eFailure to attend the training without prior written notification will be considered a no-show. No refund will be given.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eDEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBy purchasing this ticket you agree to abide by the \u003c\/span\u003e\u003ca href=\"https:\/\/defcon.org\/html\/links\/dc-code-of-conduct.html\"\u003e\u003cspan\u003eDEF CON Training Code of Conduct\u003c\/span\u003e\u003c\/a\u003e\u003cspan\u003e and the registration terms and conditions listed above.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eSeveral breaks will be included throughout the day. Please note that food is not included.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.\u003c\/span\u003e\u003c\/p\u003e","brand":"Las Vegas 2026","offers":[{"title":"Course only - Aug 10-11","offer_id":47667725598938,"sku":null,"price":2000.0,"currency_code":"USD","in_stock":true},{"title":"Course + Proficiency Exam - Aug 10-11","offer_id":47667725631706,"sku":null,"price":2300.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0629\/2088\/4442\/files\/Dhiraj_Mishra_7ab78947-e348-4a74-bb7e-59ea43310aa3.jpg?v=1774555412","url":"https:\/\/training.defcon.org\/products\/deep-dive-into-fuzzing-zubin-devnani-dhiraj-mishra-dctlv2026","provider":"defcontrainings","version":"1.0","type":"link"}