FuzzingLabs Academy/Introduction to Java fuzzing

  • Free

Introduction to Java fuzzing

    Learn how to fuzz Java code using Jazzer.
    📦 Source code, 📝 Cheatsheet,  ğŸŽžï¸ Video

    1. Fuzzing Java code (JSoup) using Jazzer

    In this course, I will fuzz a popular Java library (JSoup) in order to find uncaught Java exceptions. I will explain how to create a fuzzing harness for this target using the Jazzer fuzzer. Then, I will run it and show you what's happening when you trigger crashes.

    2. Can we find Log4Shell with Java Fuzzing? (CVE-2021-44228 - Log4j RCE)

    In this video, I'm trying to find the famous Log4Shell RCE (CVE-2021-44228) using fuzzing. I'm targeting log4j version 2.14.1 and I'm using Java Jazzer fuzzer. I will show and give you everything to reproduce at home ;) 

    What's included?

    Fuzzing Java code (JSoup) using Jazzer

    Video: Complete step-by-step tutorial
      Cheatsheet : All the commands for the tutorial
      • 5.26 KB
      java_fuzzing_jazzer.zip
      • 4.67 KB

      Can we find Log4Shell with Java Fuzzing (Log4j 2 RCE - CVE-2021-44228)

      Video: Complete step-by-step tutorial
        Cheatsheet_log4shell_fuzzing_java_jazzer.md
        • 4.11 KB
        java_log4j_fuzzing_jazzer.zip
        • 4.76 KB

        Meet Your Instructor

        Hey! 👋 My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

        Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.

        You can read more about me by clicking here.

        FREE Resources & Trainings

        Enter your email to receive special deals and a bundle of awesome resources. 100% free - 100% awesome. 👇

        You're signing up to receive emails from FuzzingLabs Academy