This course focuses on teaching individuals the importance of fuzzing and how fuzzing can be used for identifying the various software security bugs like buffer overflow, directory traversal, etc. The course teaches a student everything that is required from setting up tools that are required to actually running the fuzzing scripts and exploiting real world applications in Windows. This course is focused on Windows applications, however the same principles can be applied to applications running on Linux//Unix.
The course provides all the required software that can be downloaded from author's dropbox site. It also provides links to any other software that is required and every tool used is opensource or available for free.
The course is divided in to 4 chapters that go from the very basic to advanced level where a student would fuzz a network service.
Anyone interested in entering and learning about software exploitation and how do people identify 0-days exploits should take this course.
This chapter introduces the students to the wonderful world of fuzzing. The first chapter describes to the students what sort of software would be required and how it needs to be installed.
This chapter introduces the various concepts required to understand fuzzing technique. It also introduces the students to various fuzzing techniques that exist and teaches how to set up sulley and peach fuzzing frameworks.
This tutorial introduces students on how to fuzz a file based application using Sulley framework. Students should read the additional reference material attached with this one to ensure that they get the best out of the tutorial.
This tutorial will introduce on how to use Sulley framework for fuzzing network services. This chapter also provides an understanding of SafeSEH protection mechanism in Windows. Students should read the downloadable material first to understand the concepts and then follow the tutorial.
This tutorial teaches how to convert an exploit written in Python language to Metasploit framework. This ensures that you can make your exploits available to everyone in security community. Ensure to read the downloadble material before going through the video.
Nicholas Griffin is an experienced application security researcher by profession having 9+ years of experience in Application/Hardware security including 5 years of Security Research. He is passionate about developing new and unique security tools, teaching various security people ranging from novice to experts. Some of his contributions to Hacker's arsenal include writing Killerbee extensions, finding 0-day exploits in various embedded devices from command injection, web flaws to buffer overflows, writing security books, etc.