Vulnerability Research & Fuzzing

At completion of the training, you should be familiar with modern bug classes (logic vulnerabilities, TOCTOU, buffer overflows, file system related, double-fetch, etc) and how to discover 0-day vulnerabilities in both userland and kernel components via manual approaches (involving both static and dynamic analysis), and state-of-the-art fuzzing techniques using both public and custom tooling. You will also have practical experience finding vulnerabilities in closed-source binaries (with real 0-day hunting exercises, and multiple 0-days demonstrated during training).

Students will also be provided with advanced custom tooling developed and used by the author to assist with vulnerability research.

• Basic programming skills (C/C++) are preferred to get the most out of the course, but not required.

• A disassembler/decompiler (Binary Ninja, IDA, Ghidra).

• Two Windows 11 instances (Host & Guest, for remote kernel debugging).

• WinDBG (Preferable WinDBG Preview available on the Windows App Store).

• Virtualization software (VMWare or Hyper-V or VirtualBox).

• Visual Studio Community 2019+ with the “Desktop development with c++” and “.NET desktop development” packages installed, and the “Windows 11 WDK” (instructions).

• Multiple hands-on exercises for each section, including cheat sheets for tool usage and tips.

• Exercises targeting real software to demonstrate finding real 0-days in code (with live 0-days demonstrated against some target software).

• Windows internals explained relating to the windows kernel, hypervisors, user-land components (IPC, named pipes, shared memory, + more).

• Practical experience leveraging fuzzing on real targets, with the ability to target arbitrary software with fuzzing techniques (file parsers, network protocols, kernel drivers, etc), there will also be exercises where the student can fuzz and find vulnerabilities in targets of their own choosing (user-land or kernel-land targets).

• Develop custom tooling to assist with vulnerability research on Windows.

• Learn the internal workings and usage of standard public tooling for vulnerability research (and understand any deficiencies).

• Use kernel debugging and driver reverse engineering techniques to find and debug vulnerabilities in kernel code.

• Exercises with crash triaging techniques and program analysis concepts including taint analysis to root-cause vulnerabilities.

• Students will also be provided custom tooling to assist with vulnerability research, including custom kernel drivers to demonstrate advanced techniques.

• Touch on advanced, state-of-the-art fuzzing techniques against hard targets (e.g. Hypervisors, iOS, Android) such as snapshot fuzzing techniques, custom hypervisors / kernels for fuzzing, and custom emulators. This introduction to advanced topics will serve as further study for students after training.