Practical Fuzzing Workshop: From Zero to 0-Day
A 3-day hands-on training covering the theory and practice of modern fuzzing techniques on both Linux and Windows platforms.
Course Overview
This intensely practical training demystifies the process of vulnerability discovery. The workshop explores the complete fuzzing lifecycle: from target selection and corpus generation to advanced, coverage-guided fuzzing and automated crash analysis. The course covers user-mode fuzzing on Linux and Windows, and introduces concepts for kernel and firmware targets.
You will gain hands-on experience with industry-standard tools like AFL++, WinAFL, GDB, and WinDbg, and learn to customize them to suit your needs. By the end of this training, you will have the skills and confidence to build your own fuzzing pipeline and start finding your own bugs.
3-Day Training Agenda
Day 1
Fuzzing Fundamentals & The AFL++ Ecosystem
- Vulnerability Classes & Manual Code Review
- The Fuzzing Mindset: Process & Tooling
- Deep Dive into Coverage-Guided Fuzzing (AFL++)
- Lab: Compiling & Fuzzing Your First Program
- Advanced AFL++: Dictionaries, CMPLog, and Persistent Mode
- Fuzzing with QEMU and Cross-Arch Binaries
Day 2
Real-World Target Analysis & Crash Triaging
- From Crash to Root Cause: Debugging with GDB
- Automating Crash Analysis with Crashwalk
- Lab: Fuzzing Common Libraries (tcpdump, libtiff)
- Case Studies: Analyzing Real-World Vulnerabilities
- Scaling Fuzzing Efforts for Large Projects
- Hands-on Labs with ImageMagick & FFmpeg
Day 3
Windows Fuzzing & Advanced Techniques
- Introduction to Windows Fuzzing with WinAFL
- Instrumentation on Windows with DynamoRIO
- Lab: Fuzzing Closed-Source Windows Binaries
- Advanced Windows Debugging: Time Travel Debugging (TTD)
- Customizing WinAFL: Adding Features & Mutators
Who Should Attend
- Security Researchers & Penetration Testers
- Developers & QA Engineers
- Bug Bounty Hunters & Hobbyists
- Product Security & AppSec Teams
Key Takeaways
- Build and operate a full fuzzing pipeline.
- Effectively fuzz both open-source and closed-source targets.
- Perform advanced crash analysis and root cause determination.
- Customize fuzzers for specific and complex targets.
About the Trainer
Hardik Shah (@hardik05) is a Principal Security Researcher with over two decades of experience in the cybersecurity industry, having worked with leading companies like Sophos, McAfee, and Symantec. He specializes in fuzzing and vulnerability discovery, with over 50 CVEs to his name. Hardik is a seasoned trainer, having conducted workshops at premier security conferences including DEF CON, RSA, and BSides.
Ready to Master Fuzzing?
Bring this hands-on workshop to your team. Get in touch for private training inquiries.
FUZZING.IN