Mastering Advanced Fuzz Testing Techniques on UNIX

Instructors:  Marc 'vanHauser' Heuse
Dates: June 24 to 27 2024
Capacity:  20

This comprehensive four-day training course is meticulously designed for professionals seeking in-depth knowledge and practical skills in advanced fuzz testing techniques on UNIX (Linux, MacOS, ...). The course encompasses a thorough exploration of leading fuzzing tools such as AFL++, libafl, honggfuzz, and libFuzzer, providing an end-to-end perspective on the full fuzz testing workflow. We will look at targets with source code but also binary-only targets.

Participants will engage in a detailed study of the fuzz testing process, beginning with target analysis, where they learn to identify and evaluate potential targets for fuzzing. The course then delves into the development and optimization of fuzzing harnesses, a critical step in preparing for effective fuzz testing.

The training also covers the intricacies of setting up and managing a fuzzing campaign, including campaign monitoring, coverage analysis and crash traiging. This comprehensive approach ensures that participants not only initiate fuzzing activities but also effectively track and evaluate their progress.

Moreover, the course provides insights into effective seeding strategies, which are essential for enhancing the efficiency of the fuzzing process. Participants will learn how to generate and use seeds to improve the coverage and effectiveness of their fuzz testing campaigns.

Through a blend of theoretical knowledge and hands-on exercises, participants will gain the confidence to apply these advanced fuzzing techniques in real-world security scenarios. This course enhances the capability of security professionals to secure systems and applications against modern threats, offering a complete understanding of the fuzz testing workflow from target analysis to crash triaging.

Course Topics

Day 1: Introduction to Fuzz Testing and AFL++

• Overview of Fuzz Testing: Key Concepts and Practices
• Setting up the Fuzzing Environment: Tools and Configurations
• Introduction to AFL++: Basics and Advanced Features
• Hands-On Session: Simple Fuzzing with AFL++
• Coverage Analysis: Techniques and Tools
• Crash Triaging: Initial Steps and Strategies

Day 2: Harnessing Techniques and libFuzzer

• Exploring libFuzzer: Architecture and Practical Usage
• Building Effective Fuzzing Harnesses: Techniques and Best Practices
• In-Depth Look at Fuzzing Harnessing
• Hands-On Session: Implementing Custom Harnesses with libFuzzer
• Introduction to Honggfuzz: Features and Capabilities
• Coverage Analysis for libFuzzer and Honggfuzz
• Reachability Analysis: Understanding and Implementing

Day 3: Mastering Harnesses & Grammar Fuzzing

• Introduction to libafl: Fundamentals and Applications
• Hands-On Session: Implementing Advanced Custom Harnesses with libafl
• Advanced Harnessing: Invariant and Differential Fuzzing
• Grammar Fuzzing: Techniques, Tools, and Implementation
• Hands-On Session: Grammar Fuzzing with AFL++ and libafl

Day 4: Binary-only Fuzzing and Successful Fuzzing Campaigns

• Fuzzing Binary-only Targets: Rewriting vs Emulating Strategies
• Emulation Techniques: Full-System vs User-Space Fuzzing
• Hands-On Session: Fuzzing a Binary-Only Network Service
• Comparative Analysis: AFL++ vs. libafl vs. Honggfuzz vs. libFuzzer
• Setting Up Successful Fuzzing Campaigns: Strategies and Considerations
• Sizing Fuzzing Servers: Capacity Planning and Optimization

Key Learning Objectives

• Mastery of AFL++, libafl, honggfuzz, and libFuzzer
• Ability to create and optimize fuzzing harnesses
• Skills in coverage analysis, seeding and crash triaging
• Competence in grammar fuzzing and handling binary-only targets.
• Being able to successfuly run complex fuzzing campaigns

WHO SHOULD ATTEND

Security professionals and security concious developers.

Prerequisites

• Familiarity with Linux command line and basic C programming concepts.
• Basic understanding of software testing principles.
• Laptop with Linux + Docker installed (or a VM with Linux + Docker)

Bio

Marc "vanHauser" Heuse is a seasoned security researcher renowned for his significant contributions to the field of fuzzing, particularly with AFL++. His work has played a pivotal role in advancing fuzzing techniques, aiding in the discovery and rectification of numerous software vulnerabilities. He is also well known for founding The Hacker's Choice (THC) where he releases well-known tools like hydra, thc-ipv6, amap, THC-Scan and many others.

To Register

Click here to register.