Introduction to Fuzzing
Learn how fuzzing works, how fuzzers work, how to build your own fuzzers, and how to discover vulnerabilities with fuzzing
Most of the highest-impact vulnerabilities of recent years were discovered using a technique called fuzzing. Fuzzing is an automated software testing technique that feeds mutated data to a program in order to trigger exceptions such as crashes, buffer overflows, heap overflows and other software defects.
In this training you will first discover what fuzzing is and how a fuzzer works. You will build your own basic fuzzers using Python and progressively improve them. Then, you will learn how to use well-known coverage-guided fuzzing frameworks (American Fuzzy Lop, LibFuzzer, Honggfuzz) to fuzz popular Linux programs. You will learn how to efficiently analyze and improve your fuzzing results, and how to debug and analyze crashes. Finally, you will write custom fuzz harnesses and discover more advanced testing techniques to find in-depth bugs. Throughout this training, you will mainly target real-life/popular Linux programs and C/C++ libraries.
Day 1 - Basics of Fuzzing
Day one starts with the theory of fuzzing: What is fuzzing? How does it work? Why is it so effective? What kinds of fuzzers exist?
Next, participants will learn how to write a couple of basic fuzzers in Python, starting with completely random fuzzers and progressively improving them to target specific file formats.
Participants will also learn how to evaluate and improve their fuzzing results, analyze crash results and quickly judge the likelihood of exploitability.
Day 2 - C/C++ Whitebox Fuzzing
Participants will learn everything they need to know to start fuzzing C/C++ source code using different fuzzing techniques.
They will learn how to use the most widely used coverage-guided fuzzing frameworks (afl, libfuzzer, honggfuzz) and how to write custom fuzz target harnesses for them.
Finally, they will discover some more advanced testing techniques and how to integrate fuzzing into their secure software development lifecycle (SDLC).
This training offers you multiple hands-on exercises, on real-life/popular C/C++ libraries, allowing you to internalize concepts and techniques taught in class.
Topics Covered during this Course
- Introduction to Fuzzing
  - Build a simple fuzzer
  - Blackbox Fuzzing
- Coverage-guided Fuzzing
  - afl++ / honggfuzz
- Improve your Fuzzing Workflow
  - Corpus/input selection
  - Code coverage / Corpus minimization
- Crash Analysis
  - Crash minimization / Bucketing / Debugging / Root cause analysis
- In-Process/Memory Fuzzing
  - Concept and particularities
  - libfuzzer / afl++ / honggfuzz
- Generation-based Fuzzing
  - Grammar-based Fuzzing (generators, dictionaries, etc.)
  - Structure-aware Fuzzing
- Other Advanced Techniques
  - Symbolic Execution / Concolic Execution
  - Differential Fuzzing
  - CI Fuzzing
Class Requirements
- Basic Linux skills (navigating the shell, using make, compiling a program with gcc)
- Basic C/C++ skills (we will write some fuzzing harnesses in C)
- Basic understanding of classical C/C++ memory corruption vulnerabilities (such as buffer overflows)
- Basic Python skills (we will write some basic fuzzers in Python)