FuzzingLabs Academy/Rust Security Audit and Fuzzing

  • $2,400

Rust Security Audit and Fuzzing

    Learn which kinds of security vulnerabilities and bugs can be found in Rust code, and how to detect them statically and automatically using fuzzing techniques.
    🎞️ 84 videos / ⏱️ 9.5 hours / 👨‍💻 25+ exercises

    What you'll learn

    Rust is a strongly typed and safe systems programming language developed by Mozilla. Recently, it has become the language of choice for building memory-safe programs while maintaining high performance at scale. Rust is mostly used for file format and protocol parsers, but also in other critical projects such as the new high-performance browser engine, Servo.

    However, coding in a memory-safe language doesn’t mean the code will be free of bugs. Different kinds of vulnerabilities like integer overflows, OOM, DoS, UaF, OOB, etc. can still be found and sometimes exploited to achieve remote code execution (RCE).

    This course teaches you all the prerequisites to understand which kinds of vulnerabilities can be found in Rust code. You will learn how to find low-hanging-fruit bugs manually and automatically using different Rust auditing tools. You will discover how to use existing Rust fuzzing frameworks, triage and debug crashes, and improve your code coverage using different techniques. Finally, you will discover how to build custom Rust fuzzers and implement advanced fuzzing techniques.

    This training offers you multiple hands-on exercises allowing you to internalize concepts and techniques taught in class.

    Module 1 - Rust Audit & Code Review

    • Introduction to Rust and its Ecosystem
    • Security concepts
      • Ownership, Borrowing and Lifetime
    • Most common Rust vulnerabilities
      • Error handling & Unwrapping
      • Panicking macros, Arithmetic errors
      • Index out of bounds, Stack overflow
      • Resource exhaustion (OOM)
    • Unsafe code
      • Tooling and Sanitizers (ASAN, MSAN, etc.)
      • Out of bounds (OOB), Use-after-free (UAF)
      • Double free, Memory leak
      • Data Races and Race Conditions
    • Advanced Rust security vulnerabilities
      • Logic bugs, FFI, Cryptographic issues
      • Uninitialized & Zeroing memory
    • Attack surface & Rust security Auditing tools

    Module 2 - Rust Fuzzing & Crash Analysis

    • Rust Fuzz testing workflow and Corpus selection
    • Coverage-guided Rust Fuzzing
      • cargo-fuzz, afl-rs, honggfuzz-rs
    • Code coverage, Corpus minimization
    • Crash Triaging and Debugging
    • Structure-aware & Grammar-based Fuzzing
    • Other Advanced Fuzz Testing techniques
    • Differential Rust Fuzzing
    • Writing Custom Rust Fuzzers

    What's included?

    🔑 Immediate access to all the content
    ⏱️ 9.5 hours of curated and practical knowledge
    🎞️ 80+ easy-to-digest, on-demand videos
    👨‍💻 25+ hands-on exercises & labs
    ♾️ Lifetime access
    📖 280+ digital and printable slides
    📝 Assignments to apply your new skills
    💯 Certificate of completion

    Who should attend?

    This course is for anyone who's looking for a hands-on and pragmatic approach to auditing and securing Rust code, such as:

    ✔ Software developers
    ✔ Security engineers
    ✔ Vulnerability researchers
    ✔ Pentesters & Red team professionals

    What's included in this bundle?

    Rust Audit & Code Review

    Learn which kinds of security bugs can be found in Rust code and how to detect them statically.
    🎞️ 42 videos / ⏱️ 5 hours / 📖 160 slides

    Rust Fuzzing & Crash Analysis

    Learn how to use Rust fuzzers, develop harnesses and apply different fuzzing techniques to find bugs.
    🎞️ 42 videos / ⏱️ 4.5 hours / 📖 120 slides

    Rust Security Virtual Machine

    Virtual machine with everything installed for the Rust Security Audit and Fuzzing training.

    What Students are Saying...

    Anonymous

    This course is pure gold. I wasted weeks looking for an alternative instead of taking this course directly. Huge mistake on my end because Patrick's slides are awesome and teach everything you need to know about Rust security.

    Anonymous

    I learned a solid basis for Rust programming and auditing, and by far the most interesting topic was fuzzing, which I had no knowledge of before the class. Exercises are very practical as well!

    Georgios.D

    Essential training covering all sorts of issues and scenarios. A well-rounded training that does not leave anything uncovered. A great place to start when entering the Rust space.

    Alexander.K

    Very good practical training with a focus on developing secure apps with Rust and fuzzing techniques, but also covers other testing methodologies. As a developer relatively new in Rust, I've learned a lot about general principles that should be used to develop safe applications, and various tooling built around Rust infrastructure that makes development much easier.

    Irina.K

    I personally have learned a lot. I have to admit that this training is more for advanced Fuzzing and Rust experts or those who want to become one. I don't have as much experience in these two topics, since I'm not a developer but a security manager. Nevertheless, I was very interested in these topics and I found the training very good! Thank you Patrick!

    Deholo.N

    Excellent course documentation! Having videos with the instructor working through examples live, debugging issues live, starting from scratch is a game changer for beginners. Online courses are significantly better than in person. Pat is knowledgeable and able to provide effective, concise, practical tips.

    Anonymous

    Really good overview of techniques, live examples of common tools is super helpful and provides a good basis for building on knowledge gained in the training.

      Meet Your Instructor

      Hey! 👋 My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

      Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.
