Many people are interested in finding vulnerabilities but don’t know where to start. This workshop provides details on how to use fuzzing to find software vulnerabilities in various popular open source software. We will discuss what fuzzing is, the different types of fuzzers, and how to use them. The training will start with a basic introduction to the types of vulnerabilities that are very common in software. We will then begin by fuzzing a simple C program that contains these vulnerabilities. After that, we will see how to fuzz real-world open source software using fuzzers like AFL, libFuzzer and honggfuzz.
This talk will also provide details on how AFL works and the different mutation strategies it uses, the basics of compile-time instrumentation, how to collect a corpus for fuzzing and how to minimize it, crash triage, and finding the root cause of a vulnerability.