CanSecWest: Security Masters Dojo Vancouver
Peach FuzzRegister for March 4-5 Course
Fuzzing is the technique of finding flaws and vulnerabilities in solutions through the mutation of data. This technique is a preferred way of both defenders and attackers to discover vulnerabilities. The Peach Fuzzing Framework is the most widely used fuzzing system. Researchers, corporations, and governments use Peach to find vulnerabilities in hardware and software. Peach was designed to fuzz any type of data consumer from servers to embedded devices. Peach is a cross platform framework that runs on Windows, Linux, and OS X.
This class will focus on the latest release of Peach 3 and is taught by the creator of Peach, Michael Eddington.
You will learn to create both dumb and smart fuzzers and apply these concepts and tools to your unique environment.
The course is designed to be student-centric, hands-on, and lab intensive. On day one the Peach Fuzzing Framework is introduced from a practitioner's perspective. You will learn how to use Peach to fuzz a variety of targets including network clients & servers, file consumers, and API interfaces such as COM. On the second day you will develop and run fuzzers against real world targets; using Peach to mutate data and collect crashes.
PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.
Upon completion of the course and labs you will be able to:
- Understand the core concepts of fuzzing
- Understand data modeling and mutation in Peach
- Use Peach to create dumb fuzzers to accelerate finding bugs
- Use Peach to create smart fuzzers to dig deep into application internals
- Setup Peach to fuzz a variety of different data consumers
- Files consumers like Web Browsers, Movie Players and Media Streamers
- Network clients and servers
- API based targets such as COM
- Modern multi-core laptop
- At least 2GB of ram
- VMWare Player (or similar)
- 30GB of free disk space