DEF CON Forum Site Header Art

Finding security Vulnerabilities through Fuzzing by Hardik Shah at DEF CON 29


  • Finding security Vulnerabilities through Fuzzing by Hardik Shah at DEF CON 29

    Finding security Vulnerabilities through Fuzzing
    Hardik Shah

    Prerequisites for students?:
    Basic knowledge of C and C++, and basic knowledge of Linux and Windows.

    Materials or Equipment students will need to bring to participate?:
    A laptop with at least 16GB RAM, min 4 core processor, VirtualBox or VMware with Windows and Kali Linux VMs. WinDbg and Visual Studio installed.
    I will be sharing a prerequisite document so that attendees can prepare their VMs in advance.

    What level of skill is required for your targeted audience (Beginner/Intermediate/Advanced)?:

    Many people are interested in finding vulnerabilities but don't know where to start. This workshop is aimed at providing details on how to use fuzzing to find software vulnerabilities. We will discuss what fuzzing is, different types of fuzzers and how to use them.

    This training will start with a basic introduction to different types of vulnerabilities which are very common in software. Later on during the training we will first start with fuzzing a simple C program which contains these vulnerabilities. After that we will see how we fuzz real world open source software using fuzzers like AFL, WinAFL, libFuzzer and honggfuzz etc.

    This talk will also provide details on how AFL/WinAFL works, what the different mutation strategies it uses are, the basics of compile-time instrumentation, how to collect a corpus for fuzzing and how to minimize it, crash triage and finding the root cause.

    Key takeaways from this workshop will be:
    1. Understanding of common types of security vulnerabilities like buffer overflow, heap overflow, use after free, double free, out-of-bounds read/write, memory leaks etc.
    2. Understanding of how to use various fuzzers like AFL, libFuzzer, honggfuzz, WinAFL etc.
    3. How to fuzz various open source and closed source software on Linux and Windows.
    4. How to do basic debugging to find the root cause of vulnerabilities for Linux and Windows.
    5. How to write secure software by having an understanding of common types of vulnerabilities.

    Trainer Bio(s)
    Hardik Shah is an experienced security researcher and technology evangelist. He is currently working with McAfee as a vulnerability researcher. Hardik has found many vulnerabilities in Windows and other open source software. He currently has around 30+ CVEs to his name. He was also MSRC most valuable researcher for the year 2019 and top contributing researcher for MSRC Q1 2020. Hardik enjoys analysing the latest threats and figuring out ways to protect customers from them.
    You can follow him on Twitter @hardik05 and read some of his blogs here:
    Last edited by The Dark Tangent; June 16, 2021, 07:12. Reason: Removed outline, it might change before the workshop

  • #2
    Just checking, is there more info on what date this course will be held, at what time and how to sign up?


    • #3

      Could you please help me find where I can sign up for this workshop?



      • #4
        It will happen on site during DEF CON 29, and signups will happen in mid July on-line. Good luck!


        • #5
          Originally posted by Dark Tangent
          It will happen on site during DEF CON 29, and signups will happen in mid July on-line. Good luck!
          So just to confirm - there will be no virtual aspect of the workshops; they're on-site only?


          • The Dark Tangent
            The Dark Tangent commented
            That is correct, we tried to plan for remote but the logistics and costs were too great.