Instructors: Marc 'vanHauser' Heuse
Dates: June 24 to 27 2024
Capacity: 20
This comprehensive four-day training course is meticulously designed for professionals seeking in-depth knowledge and practical skills in advanced fuzz testing techniques on UNIX (Linux, MacOS, ...). The course encompasses a thorough exploration of leading fuzzing tools such as AFL++, libafl, honggfuzz, and libFuzzer, providing an end-to-end perspective on the full fuzz testing workflow. We will look at targets with source code but also binary-only targets.
Participants will engage in a detailed study of the fuzz testing process, beginning with target analysis, where they learn to identify and evaluate potential targets for fuzzing. The course then delves into the development and optimization of fuzzing harnesses, a critical step in preparing for effective fuzz testing.
The training also covers the intricacies of setting up and managing a fuzzing campaign, including campaign monitoring, coverage analysis and crash traiging. This comprehensive approach ensures that participants not only initiate fuzzing activities but also effectively track and evaluate their progress.
Moreover, the course provides insights into effective seeding strategies, which are essential for enhancing the efficiency of the fuzzing process. Participants will learn how to generate and use seeds to improve the coverage and effectiveness of their fuzz testing campaigns.
Through a blend of theoretical knowledge and hands-on exercises, participants will gain the confidence to apply these advanced fuzzing techniques in real-world security scenarios. This course enhances the capability of security professionals to secure systems and applications against modern threats, offering a complete understanding of the fuzz testing workflow from target analysis to crash triaging.
Security professionals and security concious developers.
Marc "vanHauser" Heuse is a seasoned security researcher renowned for his significant contributions to the field of fuzzing, particularly with AFL++. His work has played a pivotal role in advancing fuzzing techniques, aiding in the discovery and rectification of numerous software vulnerabilities. He is also well known for founding The Hacker's Choice (THC) where he releases well-known tools like hydra, thc-ipv6, amap, THC-Scan and many others.
Click here to register.