Vulnerability Research and Fuzzing (Q4-2021)

Price: $3,500

Location: Online event

Refund policy: Contact the organiser to request a refund. Eventbrite's fee is nonrefundable.
Event description
Vulnerability Research & Fuzzing training for Q4 2021. This course will be delivered online (typical streaming hours 9am - 5pm AEST).

About this event

Instructor: Christopher Vella (@Kharosx0)

Delivery: Online (Microsoft Teams); connection instructions will be sent to students close to the training date.

Audience: Anyone looking to get into Windows vulnerability research and fuzzing. Many of the concepts and approaches taught can be used for fuzzing on other platforms (macOS, Linux, etc.), but all the exercises focus on Windows. The course is also useful for red-teamers looking to add zero-days to their arsenal (with a dedicated section on finding quick 0-days on time-limited engagements). Most topics are beginner friendly and assume limited or no prior experience with modern fuzzing approaches and Windows vulnerability research; advanced topics (hypervisors and emulators, for example) are presented in an easy-to-understand manner.

Goal: At completion of the training, you should be familiar with modern bug classes (logic vulnerabilities, TOCTOU, buffer overflows, file-system related bugs, double-fetch, etc.) and with how to discover 0-day vulnerabilities in both userland and kernel components, via manual approaches (involving both static and dynamic analysis) and via state-of-the-art fuzzing techniques using both public and custom tooling. You will also have practical experience finding vulnerabilities in closed-source binaries (with real 0-day hunting exercises, and multiple 0-days demonstrated during training). Students will also be provided with advanced custom tooling developed and used by the author to assist with vulnerability research.

At completion of the training, students will also be provided a Discord link to ask further questions and collaborate.

Bio: Christopher has extensive experience with vulnerability research and is currently employed as a vulnerability researcher at Microsoft (focusing on Hyper-V fuzzing and bug hunting). Public vulnerabilities discovered by Christopher include CVE-2020-17414, CVE-2020-24559, CVE-2021-25250, CVE-2020-24557, CVE-2020-24556 and CVE-2020-24558, among others, alongside multiple non-public vulnerabilities.

Prerequisites:

  • Basic programming skills (C/C++) are preferred to get the most out of the course, but not required
  • A disassembler/decompiler (Binary Ninja, IDA, Ghidra)
  • Two Windows 10 instances (Host & Guest, for remote kernel debugging)
  • WinDbg (preferably WinDbg Preview, available on the Windows App Store)
  • Virtualization software (VMware, Hyper-V or VirtualBox)
  • Visual Studio Community 2019+ with the “Desktop development with C++” and “.NET desktop development” workloads installed, and the “Windows 11 WDK” (follow the instructions on https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk)

Further Details:

  • Multiple hands-on exercises for each section, including cheat sheets for tool usage and tips
  • Exercises targeting real software to demonstrate finding real 0-days in code (with live 0-days demonstrated against some target software)
  • Windows internals explained, covering the Windows kernel, hypervisors and user-land components (IPC, named pipes, shared memory, and more)
  • Practical experience leveraging fuzzing on real targets, with the ability to target arbitrary software with fuzzing techniques (file parsers, network protocols, kernel drivers, etc.). There will also be exercises where the student can fuzz and find vulnerabilities in targets of their own choosing (user-land or kernel-land targets)
  • Develop custom tooling to assist with vulnerability research on Windows
  • Learn the internal workings and usage of standard public tooling for vulnerability research (and understand any deficiencies)
  • Use kernel debugging and driver reverse engineering techniques to find and debug vulnerabilities in kernel code
  • Exercises with crash triaging techniques and program analysis concepts, including taint analysis, to root-cause vulnerabilities
  • Students will also be provided custom tooling to assist with vulnerability research, including custom kernel drivers to demonstrate advanced techniques
  • Touch on advanced, state-of-the-art fuzzing techniques against hard targets (e.g. hypervisors, iOS, Android) such as snapshot fuzzing, custom hypervisors / kernels for fuzzing, and custom emulators. This introduction to advanced topics will serve as further study for students after training

Syllabus:

Core Windows Internals (Key Knowledge):

  • Kernel / User
  • Attack Surface
  • Hypervisors

Debugging & Crash Analysis (Bug Analysis):

  • User / Kernel
  • Time-Travel
  • Taint tracing
  • Crash Triaging & Tooling to root-cause bugs

Fuzzing (Bug Discovery):

  • State of fuzzing (public tooling and state-of-the-art approaches)
  • Harness development
  • Reverse engineering for effective harness development
  • Instrumentation
  • Intro to using Emulators and Hypervisors
  • Corpus management
  • Real target challenges (and 0-day hunting)

Fast 0-days (Bug Discovery):

  • Tools and techniques to quickly find exploitable 0-days in time-limited engagements (e.g. red teams)
  • Custom tooling to assist with finding quick bugs
  • Easily identifiable vulnerable patterns in common Windows code

Contact: For any questions, email training@christopher-vella.com

Tax Invoice: Note that GST is not charged for this event by the organiser. Anyone who requires an invoice can send an email to the contact above and one will be generated.


Organiser: Christopher Vella
