What is Fuzzing?

Fuzzing, also known as fuzz testing, is an automated software testing technique that involves providing invalid, unexpected, or random inputs to a program. The aim is to identify security vulnerabilities, bugs, or crashes. This method has been instrumental in uncovering numerous critical vulnerabilities in widely-used software.

Why Should You Learn Fuzzing?

  • Discover security flaws in software before attackers do.
  • Learn to use advanced tools like AFL, libFuzzer, and WinAFL.
  • Gain insights into root cause analysis and crash triage.
  • Prepare for tackling complex vulnerabilities in real-world scenarios.

Who Can Benefit from Fuzzing Training?

Fuzzing is valuable for security researchers, software developers, and QA engineers. Whether you're a beginner or a seasoned professional, fuzzing can enhance your ability to identify and fix vulnerabilities effectively.

Pre-requisites for Training

Participants should have a basic understanding of:

  • Programming (preferably C/C++).
  • Operating systems (Linux and Windows).
  • Debugging techniques.

System Requirements

  • Minimum 80GB disk space
  • 16GB RAM
  • VMware installed

What You Will Learn

  • Introduction to fuzzing and its importance in software security testing
  • How to set up a fuzzing environment and configure fuzzing tools
  • Practical knowledge of fuzzing techniques: mutation-based fuzzing, coverage-guided fuzzing, and more
  • How to analyze crash reports and debug vulnerable code
  • Effective strategies for triaging fuzzing results
  • Best practices for fuzzing real-world applications and systems
  • Hands-on experience using popular fuzzing tools like AFL, libFuzzer, and WinAFL
  • How to automate and scale fuzzing workflows for large applications

Key Takeaways

  • Understanding the fundamentals of fuzzing and its role in discovering software vulnerabilities
  • Ability to set up, run, and analyze results from fuzzing experiments
  • Practical experience with state-of-the-art fuzzing tools
  • Knowledge of debugging techniques for identifying and fixing crashes and bugs
  • Experience with the real-world application of fuzzing in securing software
  • Insight into best practices for managing fuzzing campaigns in both small and large-scale environments

Upcoming Training Sessions

Practical Fuzzing - A Hands-On Learning Experience for Uncovering Vulnerabilities on Linux and Windows Platforms (Online)
Start Date: 2025-04-01 | End Date: 2025-04-04
Conference: Blackhat Asia 2025
Location: Online, Zoom

Training Overview:

Fuzzing is a powerful technique for identifying vulnerabilities in software. This hands-on training will cover the theory and practical aspects of fuzzing, including:

  • Coverage-guided fuzzing
  • Basic blocks and binary instrumentation
  • Corpus collection and minimization
  • Target selection
  • Crash triage and root cause analysis
  • Real-life CVE analysis

Attendees will have the opportunity to practice fuzzing on both Windows and Linux platforms and apply the concepts learned to fuzz real-world software. This training is ideal for anyone with a basic understanding of software development and testing.

The training will start with user-mode fuzzing, then progress to complex topics like Linux kernel fuzzing and firmware fuzzing.

Participants will also learn about the different types of vulnerabilities that fuzzing can uncover, such as:

  • Buffer overflows
  • Heap overflows
  • Integer overflows
  • Use-after-free errors
  • Out-of-bounds read/write errors

We will discuss the causes of these vulnerabilities and how to address them through fuzzing. Additionally, other types of fuzzers, such as dumb fuzzers and mutation fuzzers, will be introduced along with their benefits and limitations. Attendees will also use tools like GDB and Crashwalk to debug crashes and perform root cause analysis.

Completed Training Sessions

Practical Fuzzing: A Hands-On Learning Experience for Uncovering Vulnerabilities on Linux and Windows Platforms
Start Date: 2024-10-04 | End Date: 2024-10-06
Conference: POC 2024
Location: Seoul, South Korea

Training Overview:

Fuzzing is a powerful technique for identifying vulnerabilities in software. This hands-on training will cover both the theory and practical aspects of fuzzing, including:

  • Coverage-guided fuzzing
  • Basic blocks and binary instrumentation
  • Corpus collection and minimization
  • Target selection
  • Crash triage and root cause analysis
  • Real-life CVE analysis

Attendees will have the opportunity to practice fuzzing on both Linux and Windows platforms. They will apply the concepts and techniques learned in the training to fuzz real-world software.

We will also explore how to customize WinAFL to add new features and tailor it to specific needs. This training is designed to be beginner-friendly and suitable for individuals with a basic understanding of software development and testing.

Topics Covered:

  1. User Mode Fuzzing: Starting with fuzzing in user mode, we will gradually progress to more advanced topics.
  2. Linux Kernel Fuzzing & Firmware Fuzzing: Learn how to fuzz the Linux kernel and embedded firmware.
  3. Fuzzing Vulnerabilities: Understand the different types of vulnerabilities that fuzzing can uncover, including:
    • Buffer overflows
    • Heap overflows
    • Integer overflows
    • Use-after-free errors
    • Out-of-bounds read/write errors
    We will discuss the underlying causes and potential impacts of these vulnerabilities, as well as how to identify and address them through fuzzing.
  4. Fuzzer Types: In addition to coverage-guided fuzzing, we will introduce other types of fuzzers such as:
    • Dumb fuzzers
    • Mutation fuzzers
    We will also discuss their benefits and limitations.
  5. Debugging & Crash Analysis: Attendees will learn how to use powerful tools like:
    • GDB
    • WinDBG
    • Crashwalk
    These tools will help debug and analyze crashes, and perform root cause analysis to identify the underlying cause of vulnerabilities.
  6. Advanced Debugging Techniques: Explore advanced debugging methods, including:
    • Time travel debugging on Windows
    • Measuring code coverage
    • Collecting and minimizing corpus

By the end of the training, attendees will be equipped with the skills and knowledge to conduct effective fuzzing on real-world software and identify critical vulnerabilities.

Mastering Fuzzing: A Comprehensive Training on Identifying Vulnerabilities in Software
Start Date: 2023-05-12 | End Date: 2023-05-14
Conference: TyphoonCon 2023
Location: Seoul, South Korea

Training Overview:

A three-day training on fuzzing, a powerful technique for identifying vulnerabilities in software. This hands-on training will cover the theory and practical aspects of fuzzing, including coverage-guided fuzzing, basic blocks and binary instrumentation, corpus collection and minimization, target selection, crash triage and root cause analysis, and real-life CVE analysis. Attendees will have the opportunity to practice fuzzing on open source software and apply the concepts and techniques learned in the training. This training is suitable for attendees with a basic understanding of software development and testing.

In this training, attendees will learn about the different types of vulnerabilities that can be found through fuzzing, including buffer overflows, heap overflows, integer overflows, use-after-free errors, and out-of-bounds read/write errors. We will discuss the underlying causes and potential impacts of these vulnerabilities, as well as how to identify and address them through fuzzing.

In addition to coverage-guided fuzzing, we will also introduce other types of fuzzers, such as dumb fuzzers and mutation fuzzers, and discuss their benefits and limitations. Attendees will also learn how to use tools such as GDB and Crashwalk to debug and analyze crashes, and to perform root cause analysis to identify the underlying cause of vulnerabilities.

What Our Participants Say

"This was the most comprehensive fuzzing course I've ever attended. The instructors were knowledgeable and the hands-on labs gave me the confidence to apply fuzzing techniques in real-world scenarios."
Software Security Engineer
"It was good to have many examples to learn techniques."
Security Engineer
"Extremely well organized material, very little time wasted messing with build environments."
Security Engineer
"Instructor is very proficient in fuzzing, able to answer questions with ease."
Security Engineer
"A must-attend for anyone serious about software security. The training not only covered fuzzing theory but also gave me real experience that I could immediately apply in my own work."
Penetration Tester
Note: Views expressed here and in contents are my own and not of my employers.