Fuzzing.in Logo FUZZING.IN

Mastering Linux Fuzzing: Kernel, IoT & Network

A deep-dive training into advanced coverage-guided fuzzing, custom mutators, Kernel exploitation, and IoT firmware analysis.

Course Overview

This advanced workshop is designed for security researchers who want to move beyond basic user-mode fuzzing. The workshop explores how to fuzz complex targets including network protocols, Linux Kernel modules, and IoT firmware. You will learn to write custom mutators, use grammar-based fuzzing, and leverage advanced instrumentation techniques.

The training includes deep dives into AFL++ customization, LibFuzzer, and Syzkaller. Attendees will also master the art of crash analysis using GDB and QEMU to turn crashes into exploitable vulnerabilities in both user and kernel space.

Training Agenda

Day 1

Advanced Fuzzing & Customization

  • Fuzzing Internals: AFL++ & LibFuzzer Deep Dive
  • Structure-Aware Fuzzing & Dictionaries
  • Writing Custom Mutators for AFL++
  • Lab: Fuzzing Complex File Formats
  • Plugin Development for Fuzzers
  • Optimizing Performance & Parallelization

Day 2

Network & Protocol Fuzzing

  • Challenges in Network Fuzzing
  • Stateful Fuzzing Techniques
  • Grammar-Based Fuzzing for Protocols
  • Lab: Fuzzing a Network Service
  • Protocol Analysis & Corpus Generation
  • Fuzzing with QEMU User/System Mode

Day 3

Kernel & IoT Fuzzing

  • Linux Kernel Fuzzing with Syzkaller
  • Kernel Instrumentation (KCOV, KASAN)
  • Lab: Fuzzing Linux Kernel Modules
  • IoT Firmware Emulation & Fuzzing
  • Fuzzing with QEMU System Mode
  • Crash Analysis & Triage on Linux

Who Should Attend

  • Experienced Security Researchers
  • Penetration Testers
  • Vulnerability Analysts
  • Application Security Leads

Key Takeaways

  • Create custom fuzzing harnesses for complex targets.
  • Effectively fuzz network protocols and stateful services.
  • Master Kernel fuzzing with Syzkaller.
  • Fuzz IoT firmware and embedded devices.
Hardik Shah

About the Trainer

Hardik Shah (@hardik05) is a Principal Security Researcher with over two decades of experience in the cybersecurity industry, having worked with leading companies like Sophos, McAfee, and Symantec. He specializes in fuzzing and vulnerability discovery, with over 50 CVEs to his name. Hardik is a seasoned trainer, having conducted workshops at premier security conferences including DEF CON, RSA, and BSides.

Read Full Bio

Ready to Master Fuzzing?

Bring this advanced workshop to your team. Get in touch for private training inquiries.

Inquire About Private Training