No announcement yet.

Hardik Shah - Finding Security Vulnerabilities Through Fuzzing

  • Filter
  • Time
  • Show
Clear All
new posts

  • Hardik Shah - Finding Security Vulnerabilities Through Fuzzing

    Hardik Shah - Finding Security Vulnerabilities Through Fuzzing


    Friday from 0900 to 1300
    EventBrite Link:

    Many people are interested in finding vulnerabilities but don't know where to start. This workshop is aimed at providing details on how to use fuzzing to find software vulnerabilities. We will discuss what is fuzzing, different types of fuzzers and how to use them.

    This training will start with a basic introduction to different types of vulnerabilities which are very common in softwares. Later on during the training we will first start with fuzzing a simple C program which contains these vulnerabilities. After that we will see how we fuzz real world open source softwares using fuzzers like AFL,libfuzzer and honggfuzz etc.

    This talk will also provide details on how AFL works, what are the different mutation strategies it uses. basics of compile time instrumentation, how to collect corpus for fuzzing and how to minimize it,crash triage and finding root cause.

    Key takeaways from this workshop will be:
    1. Understanding of common types of security vulnerabilities like buffer overflow/heap overflow/use after free/double free/Out of bound read/write/memory leaks etc.
    2. Understanding how to use various fuzzers like AFL,LibFuzzer, Hongfuzz etc.
    3. How to fuzz various open source softwares on linux.
    4. How to do basic debugging to find the root cause of vulnerabilities for linux.
    5. How to write secure software by having an understanding of common types of vulnerabilities.

    Skill Level: Beginner
    Materials Needed: A laptop with at least 16GB RAM, min 4 core processor, virtualbox or vmware. I will be sharing a linux VM based on kali which will have all the tools required for the workshop.

    Hardik Shah is an experienced security researcher and technology evangelist. He is currently working with Sophos as a Principal Threat Researcher. Hardik has found many vulnerabilities in windows and other open source software. He currently has around 30+ CVEs in his name. He was also MSRC most valuable researcher for year 2019 and top contributing researcher for MSRC Q1 2020. Hardik enjoys analysing latest threats and figuring out ways to protect customers from them.
    You can follow him on twitter @hardik05 and read some of his blogs here:

    Max Class Size: 35

    Last edited by number6; July 4, 2022, 15:48.