Practical Fuzzing Workshop: From Zero to 0-Day

A 3-day hands-on training covering the theory and practice of modern fuzzing techniques on both Linux and Windows platforms.

Note: This is a self-learning module based on lab manuals. No videos included.

Course Overview

This intensely practical training demystifies the process of vulnerability discovery. The workshop explores the complete fuzzing lifecycle: from target selection and corpus generation to advanced, coverage-guided fuzzing and automated crash analysis. The course covers user-mode fuzzing on Linux and Windows, and introduces concepts for kernel and firmware targets.

You will gain hands-on experience with industry-standard tools like AFL++, WinAFL, GDB, and WinDbg, and learn to customize them to suit your needs. By the end of this training, you will have the skills and confidence to build your own fuzzing pipeline and start finding your own bugs.

gdb -q ./vulnerable_app
(gdb) run < <(python3 -c 'print("A"*200)')
Starting program: ./vulnerable_app

Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb) info registers
eax            0x1                 1
ebx            0x0                 0
ebp            0x41414141          0x41414141
eip            0x41414141          0x41414141

3-Day Training Agenda

Day 1

Fuzzing Fundamentals & The AFL++ Ecosystem

  • Vulnerability Classes & Manual Code Review
  • The Fuzzing Mindset: Process & Tooling
  • Deep Dive into Coverage-Guided Fuzzing (AFL++)
  • Lab: Compiling & Fuzzing Your First Program
  • Advanced AFL++: Dictionaries, CMPLog, and Persistent Mode
  • Fuzzing with QEMU and Cross-Arch Binaries
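
The harness shape behind the Day 1 items above (first program, persistent mode, dictionaries and CMPLog), as an added example that is not part of the course lab manuals or of the AFL++ project itself. The record format, the parser, its deliberate stack-buffer bug and the build commands in the header comment are all assumptions made for this illustration; the `#ifndef __AFL_FUZZ_TESTCASE_LEN` fallback is the one AFL++'s persistent-mode documentation gives so the same file also compiles with plain gcc or clang.

```c
// Added example (not from the course material or AFL++): a minimal AFL++
// persistent-mode harness around a constructed record parser.
// Assumed build/run commands (standard AFL++ usage, with a second binary
// instrumented for CMPLog so the fuzzer can solve the magic comparison):
//   afl-clang-fast -o harness harness.c
//   AFL_LLVM_CMPLOG=1 afl-clang-fast -o harness.cmplog harness.c
//   afl-fuzz -i in -o out -x records.dict -c ./harness.cmplog -- ./harness
// where records.dict contains the single line:  magic="FUZZ"
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Fallback so the file compiles without afl-clang-fast. The real macros are
 * injected by the AFL++ compiler and hand test cases over in shared memory;
 * this stand-in reads one case from stdin so the loop runs exactly once. */
#ifndef __AFL_FUZZ_TESTCASE_LEN
static ssize_t fuzz_len;
static unsigned char fuzz_buf[1024000];
#define __AFL_FUZZ_TESTCASE_LEN fuzz_len
#define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
#define __AFL_FUZZ_INIT() void sync(void);
#define __AFL_LOOP(x) ((fuzz_len = read(0, fuzz_buf, sizeof(fuzz_buf))) > 0 ? 1 : 0)
#define __AFL_INIT() sync()
#endif

__AFL_FUZZ_INIT();

/* Constructed record layout (assumption for the demo):
 *   bytes 0-3  magic "FUZZ"
 *   bytes 4-5  payload length, u16 little-endian
 *   bytes 6..  payload
 * Returns a negative code on rejection, otherwise the XOR of the payload
 * bytes (0..255) so a caller can observe that parsing happened. */
#define REC_MAGIC "FUZZ"
#define REC_HDR   6

int parse_record(const uint8_t *buf, size_t len) {
    uint8_t scratch[64];                    /* fixed-size stack buffer */
    if (len < REC_HDR) return -1;           /* too short for a header */
    /* A 4-byte memcmp is a wall for byte-level mutation: a dictionary
     * token (magic="FUZZ") or CMPLog is what gets the fuzzer past it. */
    if (memcmp(buf, REC_MAGIC, 4) != 0) return -2;
    size_t n = (size_t)buf[4] | ((size_t)buf[5] << 8);
    if (REC_HDR + n > len) return -3;       /* truncated payload */
    /* DELIBERATE BUG (the lab target): n is attacker-controlled up to 65535
     * but scratch holds 64 bytes, and there is no `n > sizeof scratch` check.
     * A long payload smashes saved ebp/eip, the same crash class the gdb
     * session earlier on this page shows. The fix is one line:
     *   if (n > sizeof scratch) return -4; */
    memcpy(scratch, buf + REC_HDR, n);
    uint8_t sum = 0;
    for (size_t i = 0; i < n; i++) sum ^= scratch[i];
    return sum;
}

int main(void) {
    __AFL_INIT();                           /* deferred forkserver start */
    unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;   /* read only after __AFL_INIT */
    while (__AFL_LOOP(10000)) {             /* fresh process every 10000 cases */
        size_t len = (size_t)__AFL_FUZZ_TESTCASE_LEN;
        parse_record(buf, len);             /* any crash here is reported by afl-fuzz */
    }
    return 0;
}
```

Persistent mode keeps one process alive for many test cases instead of forking per execution, which is where most of the speed difference against a plain `@@` file-input target comes from; the `__AFL_LOOP` count bounds how much state can leak between iterations before the process is recycled. Without the dictionary or the CMPLog binary the fuzzer has to guess all four magic bytes at once, so almost every generated case is rejected at `-2` and the buggy `memcpy` is never reached; with either, it finds the path within seconds.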

AFL++ 4.05c
process timing
  run time      : 3 days
  last new find : 14 min
overall results
  cycles done   : 420
  saved crashes : 12
map coverage
  map density   : 12.40% / 18.2%

Day 2

Real-World Target Analysis & Crash Triaging

  • From Crash to Root Cause: Debugging with GDB
  • Automating Crash Analysis with Crashwalk
  • Lab: Fuzzing Common Libraries (tcpdump, libtiff)
  • Case Studies: Analyzing Real-World Vulnerabilities
  • Scaling Fuzzing Efforts for Large Projects
  • Hands-on Labs with ImageMagick & FFmpeg

exploitable (gdb plugin)
Description: Access violation on destination operand
Short description: DestAv (8/22)
Hash: 3a2c91829e...
Exploitability Classification: EXPLOITABLE

Day 3

Windows Fuzzing & Advanced Techniques

  • Introduction to Windows Fuzzing with WinAFL
  • Instrumentation on Windows with DynamoRIO
  • Lab: Fuzzing Closed-Source Windows Binaries
  • Advanced Windows Debugging: Time Travel Debugging (TTD)
  • Customizing WinAFL: Adding Features & Mutators

WinAFL - [target.exe]
  total execs    : 1.2M
  uniq crashes   : 4
  uniq hangs     : 0
  last new path  : 2 min ago

C:\> drrun.exe -t drcov -- target.exe

Who Should Attend

  • Security Researchers & Penetration Testers
  • Developers & QA Engineers
  • Bug Bounty Hunters & Hobbyists
  • Product Security & AppSec Teams

Key Takeaways

  • Build and operate a full fuzzing pipeline.
  • Effectively fuzz both open-source and closed-source targets.
  • Perform advanced crash analysis and root cause determination.
  • Customize fuzzers for specific and complex targets.

About the Trainer

Hardik Shah (@hardik05) is a Principal Security Researcher with over two decades of experience in the cybersecurity industry, having worked with leading companies like Sophos, McAfee, and Symantec. He specializes in fuzzing and vulnerability discovery, with over 50 CVEs to his name. Hardik is a seasoned trainer, having conducted workshops at premier security conferences including DEF CON, RSA, and BSides.

Ready to Master Fuzzing?

Bring this hands-on workshop to your team. Get in touch for private training inquiries.