T7: end-to-end advanced fuzzing on unix

Training Details

3-DAY TRAINING, 1-3 JUNE @ MEERVAART AMSTERDAM
TICKET PRICE: €1900 EX BTW

This three-day, hands-on training course is designed for security and engineering professionals who want to deepen their practical skills in advanced fuzz testing on UNIX systems. Participants learn an end-to-end fuzzing workflow - from target selection and build/instrumentation to harness design, corpus strategy, coverage-guided optimization, and crash triage - using modern fuzzing frameworks including AFL++, LibAFL, honggfuzz, and libFuzzer. The course covers both source-available and binary-only targets, with a strong emphasis on repeatable techniques, performance tuning, and campaign operations.

Training Outline

Day 1: Foundations and Workflow with AFL++

• Overview of Fuzz Testing: Key Concepts, Threat Model, and Practical Outcomes
• The End-to-End Fuzzing Workflow: Target => Harness => Corpus => Campaign => Triage
• Setting up the Fuzzing Environment: Toolchain, instrumentation, and run-time knobs
• AFL++ in Depth: Core operation, modes, and performance tuning basics
• Hands-On Lab: Fuzz a simple target with AFL++ (from build to first findings)
• Coverage & Observability: What to measure, how to interpret it, common pitfalls
• Crash Triage Essentials: Reproducibility, minimization, and initial deduplication

Day 2: Harness Development and libFuzzer (with targeted honggfuzz modules)

• libFuzzer Architecture and Practical Usage in Real Projects
• Harness Design Patterns: state reset, determinism, timeouts, input shaping
• Sanitizer-driven Bug Finding: practical configuration and debugging workflows
• Dictionaries and Seed Strategy: making coverage-guided fuzzing converge faster
• Hands-On Lab: Implement and tune a custom libFuzzer harness
• honggfuzz Overview: strengths, typical use cases, and integration patterns
• Coverage Analysis for libFuzzer / honggfuzz: interpreting signals and next steps
• Reachability Analysis: identifying promising entry points and code regions

Day 3: Binary-only Fuzzing and Running Successful Campaigns

• Fuzzing Binary-only Targets: practical strategies and tradeoffs
• Emulation Techniques: user-space vs system-level approaches, persistence patterns
• Hands-On Lab: Fuzz a **binary-only network service** end-to-end
• Crash Triage at Scale: bucketing, deduplication, minimizing, and reporting
• Comparative Decision Framework: AFL++ vs LibAFL vs honggfuzz vs libFuzzer
• Running Successful Fuzzing Campaigns: monitoring, stop criteria, iteration loops
• Sizing Fuzzing Servers: capacity planning, throughput optimization, and stability

Prerequisites

• Comfortable building and running software on UNIX (shell, build tooling).
• Ability to read and modify C/C++ code (labs are C/C++ oriented).
• Familiarity with debugging basics (gdb/lldb) is helpful.

Hardware & Software requirements

• A UNIX laptop, minimum 20GB disk space free and 16GB RAM
• Native Linux Ubuntu 24.04 recommended, other Linux or macOS is OK too
• Docker installation