Detailed abstract – On a regular basis, hundreds of vulnerabilities get discovered and fixed in various operating systems and software.
Do you wonder how these get discovered in the first place? What tools and techniques do people use to find them? If so, this training covers just that.
In this training we will discuss what fuzzing is, the different types of fuzzers, and how to use them. The training starts with a basic introduction to the types of vulnerabilities that are most common in software. We then fuzz a simple C program that contains these vulnerabilities, and after that we look at how to fuzz real-world open source software using fuzzers such as AFL, honggfuzz and libFuzzer.
The training will also cover how AFL works and the different mutation strategies it uses, the basics of compile-time instrumentation, how to collect a corpus for fuzzing and how to minimize it, crash triage, and finding the root cause of a crash.
1. Different types of vulnerabilities – quick overview of buffer overflow, heap overflow, integer overflow, use after free, out-of-bounds read/write.
2. Manually identifying the vulnerabilities in C code.
3. What fuzzing is and the different types of fuzzer – dumb fuzzer, mutation fuzzer, coverage-guided fuzzer.
4. Fuzzing process
5. Corpus collection
6. Corpus minimization
7. Fuzzing a sample C program using AFL, libFuzzer and honggfuzz
8. Analysing and triaging crashes
9. How to fuzz real-world software using AFL and honggfuzz
a. How to fuzz tcpdump using AFL and honggfuzz
10. Real-life CVE analysis
11. Reporting crashes and bug bounties
12. Q&A and conclusion
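The abstract describes fuzzing a simple C program with AFL, libFuzzer and honggfuzz (outline item 7). The block below is an added example, not material from the training, showing what such a target and harness look like: a small parser for a constructed length-prefixed record format, with the two bounds checks whose absence would give a coverage-guided fuzzer a stack buffer overflow and an out-of-bounds read to find, a libFuzzer-style `LLVMFuzzerTestOneInput` entry point, and a file-reading `main()` for AFL. The record format, the `MAX_NAME` limit and the `LIBFUZZER_BUILD` macro are assumptions made for this example.

```c
/* Added example: a fuzz target and harness for a constructed record format.
 * Not part of the training materials; record format and macro names are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 32   /* fixed stack buffer: the kind of limit a fuzzer probes */

/*
 * Parse records of the form "one length byte, then that many name bytes".
 * Returns the number of records parsed, or -1 if the input is malformed.
 * The two checks in the loop are exactly what a coverage-guided fuzzer would
 * expose if they were missing: a length >= MAX_NAME overflows `name`
 * (stack buffer overflow), and a length past the end of the input makes
 * memcpy read beyond `data` (out-of-bounds read).
 */
int parse_records(const uint8_t *data, size_t size)
{
    char name[MAX_NAME];
    size_t pos = 0;
    int count = 0;

    while (pos < size) {
        uint8_t len = data[pos++];
        if (len == 0 || len >= MAX_NAME)   /* must leave room for the NUL */
            return -1;
        if (len > size - pos)              /* record claims more than remains */
            return -1;
        memcpy(name, data + pos, len);
        name[len] = '\0';
        pos += len;
        count++;
    }
    return count;
}

/* libFuzzer-style entry point; honggfuzz's persistent mode (hfuzz-clang)
 * drives the same symbol. Return value must be 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)parse_records(data, size);
    return 0;
}

/* AFL-style driver: read one input file (passed as @@ by afl-fuzz) and parse it.
 * Define LIBFUZZER_BUILD (an assumed macro name) when linking with libFuzzer so
 * this main() does not clash with the one libFuzzer provides. */
#ifndef LIBFUZZER_BUILD
int main(int argc, char **argv)
{
    uint8_t buf[4096];
    if (argc < 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 1;
    }
    FILE *f = fopen(argv[1], "rb");
    if (!f) {
        perror("fopen");
        return 1;
    }
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    printf("records parsed: %d\n", parse_records(buf, n));
    return 0;
}
#endif
```

For libFuzzer, build with `clang -g -fsanitize=fuzzer,address -DLIBFUZZER_BUILD harness.c -o harness` and run `./harness corpus/`; for AFL, build with `afl-clang-fast -g -fsanitize=address harness.c -o harness_afl` and run `afl-fuzz -i corpus -o findings -- ./harness_afl @@`. Compiling with AddressSanitizer in both cases is what turns a silent overflow into a reported crash with a stack trace, which is the starting point for the triage step in the outline.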