Hardik Shah - Practical Fuzzing: A Hands-On Learning Experience for Uncovering Vulnerabilities on Linux $2,000 (Early $1,800)

Practical Fuzzing: A Hands-On Learning Experience for Uncovering Vulnerabilities on Linux

 
Trainer(s) bio:
Hardik Shah (@hardik05) is an experienced cyber security professional with 17+ years of experience in the computer security industry. Currently works as a Principal Security Researcher at Vehere where he is responsible for analysing latest threats, detecting them and product improvements. In

the past he has worked with various security companies like Sophos, McAfee, and Symantec, where he has built research teams from ground zero, managed various critical cyber threats to provide protection to customers, implemented various product features and has mentored many people.

Hardik is also known for his skills in fuzzing and vulnerability discovery and analysis. He has discovered 35+ vulnerabilities in Microsoft and various open source software. He had conducted Trainings and workshops at various industry leading cyber security conferences such as Defcon, Bsides, RSA dark arts, and many others.

Hardik enjoys analysing latest threats and figuring out ways to protect customers from them.

Trainer(s) social media links:
    Twitter: https://twitter.com/hardik05
    LinkedIn: https://www.linkedin.com/in/hardik05/
    YouTube: https://www.youtube.com/@MrHardik05

Training information:
Fuzzing is a powerful technique for identifying vulnerabilities in software. This hands-on training will cover the theory and practical aspects of fuzzing, including coverage-guided fuzzing, basic blocks and binary instrumentation, corpus collection and minimization, target selection, crash triage and root cause analysis, and real-life CVE analysis. Attendees will have the opportunity to practice fuzzing on windows and Linux and apply the concepts and techniques learned in the training to fuzz real world software. This training is suitable for attendees with a basic understanding of software development and testing.
This training will start from user mode fuzzing and later on covers topics like linux kernel fuzzing, crash triage, root cause analysis and firmware fuzzing etc.

Previous Trainings:

TyphoonCon23 - 3days training
Also conducted workshops at - Defcon30, Bsides delhi 2021, Bsides Munich 2021, Greyhat 2021, RSA Dark Arts Village 2022 etc.

Links:

Defcon30: https ://forum.defcon.org/node/241864
Bsides Munich : https://2021.bsidesmunich.org/workshops/04-01_workshop-4/
Texas Cyber summit workshop Video : https://www.youtube.com/watch?v=m7tJkeW6H58
My YouTube Channel : https://www.youtube.com/@MrHardik05
 

Class Outline:

Following is the course outline (subject to change as we move forward/review feedback):
Day 1
• Introduction
• Different types of vulnerabilities
    • Buffer overflow
    • heap overflow
    • integer overflow
    • use after free
    • out of bound read/Write
•  This will cover some real-life vulnerability example as well.
• Hands on: Manually identifying the vulnerabilities in sample C code.
• What is fuzzing?
• Fuzzing Process
• Different types of fuzzer
    • dumb fuzzer
        ○ Example - radmasa
    • mutation fuzzer
        ○ Example - sulley
    •  coverage guided fuzzer.
        ○ Examples - AFL, WinAFL, AFL++, libfuzzer, Honggfuzz
• Basic blocks and code coverage
• Binary instrumentation
• Corpus collection
• Corpus minimization
• What is AFL and AFL++?
• How does it work?
• Fork server Vs persistent mode
    • How to write harness for persistent mode
• Fuzzing Strategies
• Different Sanitizers
    • ASAN
    • UBSAN
    • MSAN
• Using AFL
    • How to compile and install AFL++
    • How to compile Simple C program with AFL++
    • Various compilation options for AFL++
        ○ AFL_HARDEN, AFL_USE_ASAN,
        ○ AFL_DONT_OPTIMIZE etc.
• Fuzzing Simple C program using AFL++
    • Using persistent mode to improve fuzzing speed
    • Using shmem mode to improve fuzzing speed
    • Fuzzing in Qemu Mode
    • Fuzzing Different Arch Binaries with Qemu
    • Using dictionaries to fuzz
    • Using CMPLog Feature to fuzz
    • Rewriting binaries with e9afl and fuzzing them with AFL++
    • Fuzzing network binaries with AFL++
 
Day 2
• Recap of what we learned at day 1
• Root cause analysis and debugging using GDB
    • Debugging crashes using GDB
    • Finding root cause
• Crash triaging using Crashwalk
    • How to install crashwalk
    • Using Cwtriage,Cwdump
    • How to use it to do automated crash triaging
• Fuzzing real world programs
    • Fuzzing TCPDump
        ○ Getting source code and dependencies
        ○ Compiling with AFL++
        ○ Collecting Corpus
        ○ Minimising Corpus
        ○ Fuzzing the program
        ○ Looking at issues found through fuzzing
    • Fuzzing libtiff
        ○ Getting source code and dependencies
        ○ Compiling with AFL++
        ○ Collecting Corpus
        ○ Minimising Corpus
        ○ Fuzzing the program
        ○ Looking at issues found through fuzzing
    • Fuzzing ImageMagick
        ○ Getting source code and dependencies
        ○ Compiling with AFL++
        ○ Collecting Corpus
        ○ Minimising Corpus
        ○ Fuzzing the program
        ○ Looking at issues found through fuzzing
    • Fuzzing FFMpeg
        ○ Getting source code and dependencies
        ○ Compiling with AFL++
        ○ Collecting Corpus
        ○ Minimising Corpus
        ○ Fuzzing the program
        ○ Looking at issues found through fuzzing
    • Fuzzing libEMF
        ○ Getting source code and dependencies
        ○ Compiling with AFL++
        ○ Collecting Corpus
        ○ Minimising Corpus
        ○ Fuzzing the program
        ○ Looking at issues found through fuzzing
    • Fuzzing libGD
        ○ Getting source code and dependencies
        ○ Compiling with AFL++
        ○ Collecting Corpus
        ○ Minimising Corpus
        ○ Fuzzing the program
        ○ Looking at issues found through fuzzing
    • OSS-Fuzz introduction
        ○ How to set it up locally
        ○ How to build docker images and fuzzers
        ○ How to fuzz various Open-Source Software with OSS-Fuzz
    • Question and Answers
• Conclusion
 
Technical difficulty of the class (Beginner, Intermediate, Advanced) and any required experience or skills needed (Such as Python, knowledge of specific deep-learning algorithms, TCP dump analysis, Ghidra, etc.)
Beginner, Intermediate, basic knowledge of C, C++ is required.
 
Suggested prerequisites for the class. What should the student have read or prepared in advance to get the most out of your class? This could be videos to watch, books or white papers to read, etc.
• Basic Knowledge or programming in C/C++
• Basic Debugging/testing knowledge
 
Items students will need to provide:

• A laptop with 16GB of RAM and 40GB of hard disk space.
• Virtual Box or VMware or Hyper-V installed to run training virtual machines.

In this training, attendees can benefit from our real-life experience finding and reporting vulnerabilities in various closed and open-source software. The training outline is based on the practical experience and issues encountered during our own fuzzing campaigns.

DATE: August 12th-13th 2024
TIME: 8am to 5pm PDT
VENUE: Sahara Las Vegas
TRAINER: Hardik Shah

- 16 hours of training with a certificate of completion.

- 2 coffee breaks are provided per day
- Note: Food is not included

Registration terms and conditions:

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.