CANCELED:
URL=https://training.defcon.org/products...e-into-fuzzing
URL=https://training.defcon.org/products...e-into-fuzzing
Originally posted by URL
Name of Training:
Deep Dive into Fuzzing
Description:
Fuzzing is a technique of identifying software vulnerabilities by automated corpus generation. It has produced immense results and attracted a lot of visibility from security researchers and professionals in the industry, today fuzzing can be utilized in various ways which can be incorporated into your secure SDLC to discover vulnerabilities in advance and fix them.
Training description:
Attendees would be emulating techniques which would provide a comprehensive understanding of "Crash, Detect & Triage" of fuzzed binaries or software. In "Deep dive into fuzzing" we will be covering a detailed overview of fuzzing and how it can be beneficial to professionals in uncovering security vulnerabilities with a hands-on approach through focus on labs.
Finding vulnerabilities in software requires in-depth knowledge of different technology stacks. Modern day software’s have a huge codebase and may contain vulnerabilities, manually verifying such vulnerabilities is a tedious task and may not be possible in all cases. This training is designed in such a way that it introduces the concept of fuzzing and vulnerability discovery in software’s covering multiple platforms such as Linux & Windows and triage analysis for those vulnerabilities.
Trainer(s) bio:
Full name of trainer(s): Zubin Devnani & Dhiraj Mishra
Preferred pronouns: he/him
Dhiraj Mishra is an active speaker who has discovered multiple zero-days in modern web browsers and an open-source contributor. He is a trainer at Blackhat and presented in conferences such as Ekoparty, Hacktivity, PHDays & HITB. In his free time, he blogs at www.inputzero.io and tweets on @RandomDhiraj
Zubin Devnani is a red teamer by trade, who has identified multiple vulnerabilities in commonly used software. He is a trainer at Blackhat and has delivered multiple workshops, including PHDays and Hacktivity. Utilizes his fuzzing skills in his day to day trade to identify new ways of breaking into enterprises! Blogging at devtty0.io and tweets on @p1ngfl0yd
Trainer(s) social media links:
https://twitter.com/RandomDhiraj : @RandomDhiraj
https://twitter.com/p1ngfl0yd : @p1ngfl0yd
Outline:
• Understanding fuzzing fundamentals
• AFL Internals
• Setting up the environment
• Selecting fuzzing targets
• Corpus generation
• “Not so pro tips” while fuzzing
• Setting up persistent mode
• Network Protocol fuzzing
• AFL internals for QEMU
• Targeting blackbox binaries
• WinAFL Internals
• Analyzing your target with debuggers
• Capture the crash
Technical difficulty:
Beginner, Intermediate
Suggested Prerequisites:
What students should bring:
Attendees are required to have a system with root/admin privilege with minimum 8GB RAM and 100 GB disk space with VirtualBox or VMware installed.
DATE: August 14th-15th 2023
TIME: 8am to 5pm PDT
VENUE: Caesars Forum, Las Vegas, NV
TRAINER: Dhiraj Mishra & Zubin Devnani
- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included
Registration terms and conditions:
Trainings are refundable before July 1st, the processing fee is $250.
Trainings are non-refundable after July 10th, 2023.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.
Deep Dive into Fuzzing
Description:
Fuzzing is a technique of identifying software vulnerabilities by automated corpus generation. It has produced immense results and attracted a lot of visibility from security researchers and professionals in the industry, today fuzzing can be utilized in various ways which can be incorporated into your secure SDLC to discover vulnerabilities in advance and fix them.
Training description:
Attendees would be emulating techniques which would provide a comprehensive understanding of "Crash, Detect & Triage" of fuzzed binaries or software. In "Deep dive into fuzzing" we will be covering a detailed overview of fuzzing and how it can be beneficial to professionals in uncovering security vulnerabilities with a hands-on approach through focus on labs.
Finding vulnerabilities in software requires in-depth knowledge of different technology stacks. Modern day software’s have a huge codebase and may contain vulnerabilities, manually verifying such vulnerabilities is a tedious task and may not be possible in all cases. This training is designed in such a way that it introduces the concept of fuzzing and vulnerability discovery in software’s covering multiple platforms such as Linux & Windows and triage analysis for those vulnerabilities.
Trainer(s) bio:
Full name of trainer(s): Zubin Devnani & Dhiraj Mishra
Preferred pronouns: he/him
Dhiraj Mishra is an active speaker who has discovered multiple zero-days in modern web browsers and an open-source contributor. He is a trainer at Blackhat and presented in conferences such as Ekoparty, Hacktivity, PHDays & HITB. In his free time, he blogs at www.inputzero.io and tweets on @RandomDhiraj
Zubin Devnani is a red teamer by trade, who has identified multiple vulnerabilities in commonly used software. He is a trainer at Blackhat and has delivered multiple workshops, including PHDays and Hacktivity. Utilizes his fuzzing skills in his day to day trade to identify new ways of breaking into enterprises! Blogging at devtty0.io and tweets on @p1ngfl0yd
Trainer(s) social media links:
https://twitter.com/RandomDhiraj : @RandomDhiraj
https://twitter.com/p1ngfl0yd : @p1ngfl0yd
Outline:
• Understanding fuzzing fundamentals
• AFL Internals
• Setting up the environment
• Selecting fuzzing targets
• Corpus generation
• “Not so pro tips” while fuzzing
• Setting up persistent mode
• Network Protocol fuzzing
• AFL internals for QEMU
• Targeting blackbox binaries
• WinAFL Internals
• Analyzing your target with debuggers
• Capture the crash
Technical difficulty:
Beginner, Intermediate
Suggested Prerequisites:
- Linux & Windows fundamentals
• Basic understanding of C/C++
What students should bring:
Attendees are required to have a system with root/admin privilege with minimum 8GB RAM and 100 GB disk space with VirtualBox or VMware installed.
DATE: August 14th-15th 2023
TIME: 8am to 5pm PDT
VENUE: Caesars Forum, Las Vegas, NV
TRAINER: Dhiraj Mishra & Zubin Devnani
- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included
Registration terms and conditions:
Trainings are refundable before July 1st, the processing fee is $250.
Trainings are non-refundable after July 10th, 2023.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.