Anyone looking to get into Windows vulnerability research and fuzzing. Although many of the concepts and approaches taught can be applied to fuzzing on other platforms (macOS, Linux, etc.), all the exercises focus on Windows. The course is also useful for red-teamers looking to add zero-days to their arsenal, with a dedicated section on finding quick 0-days on time-limited engagements.
Most topics are beginner-friendly and assume limited or no prior experience with modern fuzzing approaches and Windows vulnerability research; advanced topics (hypervisors and emulators, for example) are presented in an easy-to-understand manner.
On completion of the training, you should be familiar with modern bug classes (logic vulnerabilities, TOCTOU, buffer overflows, file-system-related bugs, double-fetch, etc.) and with how to discover 0-day vulnerabilities in both userland and kernel components, via manual approaches (involving both static and dynamic analysis) and via state-of-the-art fuzzing techniques using both public and custom tooling. You will also gain practical experience finding vulnerabilities in closed-source binaries, with real 0-day hunting exercises and multiple 0-days demonstrated during the training.
Students will also be provided with advanced custom tooling developed and used by the author to assist with vulnerability research.
This course is a complete introduction to finding 0-days on Windows, covering static and dynamic manual approaches alongside state-of-the-art snapshot fuzzing techniques, with multiple walkthroughs of real, live 0-days. It includes both memory-corruption-style bugs and logic bugs.
Christopher Vella has extensive experience with vulnerability research and has found vulnerabilities in a range of high-profile software (the Hyper-V hypervisor, Adobe PDF, and the Windows OS and kernel). Public vulnerabilities discovered by Christopher include CVE-2020-17414, CVE-2020-24559, CVE-2021-25250, CVE-2020-24557, CVE-2020-24556 and CVE-2020-24558, among others, alongside multiple non-public vulnerabilities.