Finding security Vulnerabilities through Fuzzing by Hardik Shah at DEF CON 29

  • Finding security Vulnerabilities through Fuzzing by Hardik Shah at DEF CON 29

    Finding security Vulnerabilities through Fuzzing
    Hardik Shah


    Prerequisites for students?:
    Basic knowledge of C and C++, and basic knowledge of Linux and Windows.

    Materials or Equipment students will need to bring to participate?:
    A laptop with at least 16GB RAM, min 4 core processor, VirtualBox or VMware with Windows and Kali Linux VMs. WinDbg and Visual Studio installed.
    I will be sharing a prerequisite document so that attendees can prepare their VMs in advance.

    What level of skill is required for your targeted audience (Beginner/Intermediate/Advanced)?:
    Beginner.

    Abstract
    Many people are interested in finding vulnerabilities but don't know where to start. This workshop is aimed at providing details on how to use fuzzing to find software vulnerabilities. We will discuss what fuzzing is, the different types of fuzzers and how to use them.

    This training will start with a basic introduction to different types of vulnerabilities which are very common in software. Later on during the training we will first start with fuzzing a simple C program which contains these vulnerabilities. After that we will see how we fuzz real-world open source software using fuzzers like AFL, WinAFL, libFuzzer and honggfuzz etc.

    This talk will also provide details on how AFL/WinAFL works, what the different mutation strategies it uses are, the basics of compile-time instrumentation, how to collect a corpus for fuzzing and how to minimize it, crash triage and finding the root cause.

    Key takeaways from this workshop will be:
    1. Understanding of common types of security vulnerabilities like buffer overflow, heap overflow, use after free, double free, out-of-bounds read/write, memory leaks etc.
    2. Understanding of how to use various fuzzers like AFL, libFuzzer, honggfuzz, WinAFL etc.
    3. How to fuzz various open source and closed source software on Linux and Windows.
    4. How to do basic debugging to find the root cause of vulnerabilities on Linux and Windows.
    5. How to write secure software by having an understanding of common types of vulnerabilities.

    Trainer Bio(s)
    Hardik Shah is an experienced security researcher and technology evangelist. He is currently working with McAfee as a vulnerability researcher. Hardik has found many vulnerabilities in Windows and other open source software. He currently has around 30+ CVEs in his name. He was also MSRC most valuable researcher for the year 2019 and top contributing researcher for MSRC Q1 2020. Hardik enjoys analysing the latest threats and figuring out ways to protect customers from them.
    You can follow him on Twitter @hardik05 and read some of his blogs here: https://www.mcafee.com/blogs/author/hardik-shah
    Last edited by Dark Tangent; 6 days ago. Reason: Removed outline, it might change before the workshop
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

  • #2
    Just checking, is there more info on what date this course will be held, at what time and how to sign up?



    • #3
      Hi,

      Could you please help me where I can sign up for this workshop?

      Thx,



      • #4
        It will happen on site during DEF CON 29, and signups will happen in mid July on-line. Good luck!
