Applied Fuzzing And Vulnerability Analysis Course

Live On-Site / Live Virtual

Harnessing the Power of Fuzzing for Software Security

Automate vulnerability detection with fuzzing to uncover hidden software weaknesses. Learn to integrate fuzzing into your Secure Development Lifecycle, saving time and resources. Gain hands-on experience with triage analysis and the “Crash, Detect & Triage” process for proactive security.

What You Will Learn

This training empowers you to harness the power of fuzzing, an automated technique that uncovers hidden vulnerabilities in software. Manual testing for these weaknesses in complex codebases is a struggle. Fuzzing automates this process, feeding your software unexpected inputs to expose cracks in its armor. By integrating fuzzing into your Secure Development Lifecycle (SDLC), you can proactively identify and fix vulnerabilities early, saving time and resources down the line. This training equips you with the knowledge to not only understand fuzzing fundamentals but also apply them across various platforms like Linux and Windows. You’ll gain expertise in triage analysis, allowing you to prioritize and effectively address the vulnerabilities identified through fuzzing. Through hands-on labs, you’ll gain real-world experience with the “Crash, Detect & Triage” process, solidifying your fuzzing mastery. This training is designed for security professionals and developers who want to take a proactive approach to software security.

By attending this course, you will get

Training Manual for the course
A dedicated server with custom OS (Windows & Linux) for one month
Lab setup (OVA of Ubuntu and Windows) loaded with all the course
Exercise material including solutions to all of the exercises
A private dedicated channel where trainers will be available to answer your queries after the training

Key Objectives

Efficient fuzzing techniques
Exploring various vulnerability classes
Essential basics and mechanics of fuzzing
Designing custom grammars for fuzzing
Establishing persistence in intricate programs
Leveraging QEMU for binary-centric fuzzing
ARM architecture introduction and ARM binary fuzzing
Initiating fuzzing for Windows binaries
Numerous practical exercises with real-world software
CTC – Capturing crashes in custom applications

Duration

3 Days

Ways to Learn

Live Virtual

Live On-Site

Who Should Attend?

This training program is designed for individuals and professionals seeking to acquire a comprehensive understanding of the fundamentals of fuzzing.

laptop Requirements

Laptop with a minimum of 6GB RAM and 40GB free hard disk space
VMware Workstation, VMware Fusion (even trial versions can be used) or VirtualBox.
You must have full administrator access to the Windows operating system installed inside the VMware Workstation/Fusion.

Need To Justify To Your Manager?

Need a Template to Justify the Training Request to your Manager? Download the Template below

Syllabus

Module 1 - Fundamentals of Fuzzing

Understanding fuzzing fundamentals
AFL Internals
Setting up the environment
Selecting fuzzing targets
Spinning up the fuzzer effectively
Corpus generation
Address/Memory Sanitizers
Hooking custom mutators
Parallel fuzzing
Improving code coverage with grammar
Plotting difference in code coverage
Enhancing your fuzzing approach

Module 2 - Fuzzing and Crash Analysis

Setting up persistent mode
Introduction to QEMU
AFL internals for QEMU
Targeting blackbox binaries
Introduction to ARM
Cross-platform architecture fuzzing
Setting up QEMU persistent
Introduction to network fuzzing
WinAFL Internals
Fuzzing windows binaries
Analyzing your target with debuggers
Improving code coverage

Module 3 - Advanced Fuzzing Techniques

Symbolic execution fuzzing
Introduction to libFuzzer
Writing simple libFuzzer harness
Setting up ClusterFuzz
Fuzzing browser engines and SSL libraries
Overview of different fuzzing frameworks
Integrating slack with fuzzing stats
Capture the crash

Prerequisites

To successfully participate in this course, attendees should possess the following:

Working knowledge of cybersecurity and pentesting fundamentals
Working knowledge of Fuzzing concepts and Corpus generation is recommended, but not required
Basic Windows & Linux skills and command-line proficiency
Understanding of fundamental programming concepts and looping structures in at-least one higher-level language
Basic Windows/Linux binary assembly knowledge is recommended, but not required

TRUSTED TRAINING PROVIDERS

Our trainers boast more than ten years of experience delivering diverse training sessions at conferences such as Blackhat, HITB, Power of Community, Zer0con, OWASP Appsec, and more.

Interactive discussion in a mobile security training session at BlackHat

Trainer engaging with attendees in a mobile security training.

Participants in a mobile security training session watching a presentation.

Classroom setup during a mobile security training session.

Participants taking notes during a mobile security training session.

Group interaction in a mobile security training session.

Trainer presenting on mobile security to a group using a projector.

Participants viewing a slide presentation on mobile security.

Training session with participants using laptops in a mobile security course.

Wide view of a mobile security training session with attendees.

Participants listening during a mobile security training session.

Close-up of participants at a mobile security training session.

Trainer presenting to participants in a mobile security training session.

Hear from our Students

Our Students are our greatest voice, just read what they have to say!

OUR MODES OF TRAINING

Perfect for Teams in Multiple Location

Real-time interaction with our expert trainers over Zoom
Customizable content tailored to your team’s needs
Continued support after the training

Perfect for Teams in One Location

Real-time interaction with our expert trainers at an onsite location
Customizable content tailored to your team’s needs
Continued support after the training

FAQ

What are the different formats in which the courses are offered?

Our Live Virtual and On-Site sessions replicate the interactive classroom experience, fostering real-time collaboration and engagement among participants.

Can i share the purchased course material with other people?

No, the training that you purchase from 8kSec, including the course materials is exclusively for your individual use. You may not reproduce, distribute or display (post/upload) lecture notes, or recordings, or course materials in any other way — whether or not a fee is charged – without the express written consent of 8kSec.

Where can i find the Certificate of Course Completion?

For On-Site/Virtual Courses during private trainings/conferences, we provide a customized certificate after the completion of the course. Please note that the Certificate of Course Completion is different from the one obtained after clearning the Certification exam.

Do i need to setup any Labs in order to perform the Labs in the training?

This is pretty straightforward. For Virtual/Live Trainings, we will provide you access to our Lab environment and an instruction guide during the training.

Where can i find the schedule of your Virtual/Live Training classes?

You can find our Training Schedule at https://8ksec.io/public-training/. To schedule a Live Virtual or Live On-site private training for a group of 5+ attendees, email trainings@8ksec.io and our logistics team will get in touch with you to organize one.

The information on this page is subject to change without notice.

CONTACT US

Please share with us the project requirements and the goals you want to achieve, and one of our sales representatives will contact you within one business day.

Our Location

51 Pleasant St # 843, Malden, MA, Middlesex, US, 02148

General and Business inquiries

contact@8ksec.io

Trainings

trainings@8ksec.io

Press

press@8ksec.io

Phone

+1(347)-4772-006

SEND ENQUIRY

Get the latest news & updates

Penetration
Testing

Cybersecurity Consulting

Security
Compliance

SSDLC