Login
FuzzingLabs Academy/Rust Security Audit and Fuzzing
Buy now

  • $2,400

Rust Security Audit and Fuzzing

Learn which kind of security vulnerabilities/bugs can be found inside Rust code, how to detect them statically and automatically using fuzzing techniques.
🎞️ 84 videos / ⏱️ 9.5 hours / πŸ‘¨β€πŸ’» 25+ exercises
Enroll Now

What you'll learn

Rust is a strongly typed and safe systems programming language developed by Mozilla. Recently, it has become the language of choice to build memory-safe programs while maintaining high performance at scale. Mostly, Rust is used for files format and protocols parsers but also on other critical projects like in the new high-performance browser engine, Servo.

However, coding using memory-safe language doesn’t mean the code will be free of bugs. Different kinds of vulnerabilities like integer overflows, OOM, DoS, UaF, OOB, etc. can still be found and sometimes exploited to achieve remote code execution (RCE).

This course teaches you all the prerequisites to understand which kind of vulnerability can be found inside Rust code. You will learn how to find low hanging fruits bugs manually and automatically using different Rust auditing tools. You will discover how to use existing Rust fuzzing frameworks, triage/debug crashes and improve your code coverage using different techniques. Finally, you will discover how to build custom Rust fuzzers and implement advanced fuzzing techniques.

This training offers you multiple hands-on exercises allowing you to internalize concepts and techniques taught in class.

Trusted by Security Engineers at Leading Companies

Module 1 - Rust Audit & Code Review

  • Introduction to Rust and its Ecosystem
  • Security concepts
    • Ownership, Borrowing and Lifetime
  • Rust most common vulnerabilities
    • Error handling & Unwrapping
    • Panicking macros, Arithmetic errors
    • Index out of bound, Stack overflow
    • Resource exhaustion (OOM) 
  • Unsafe codes
    • Tooling and Sanitizers (ASAN, MSAN, etc.)
    • Out of bound (OOB), Use-after-free (UAF)
    • Double free, Memory leak
    • Data Races and Race Conditions
  • Advanced Rust security vulnerability
    • Logic bugs, FFI, Cryptographic issues
    • Uninitialized & Zeroing memory
  • Attack surface & Rust security Auditing tools

Module 2 - Rust Fuzzing & Crash Analysis

  • Rust Fuzz testing workflow and Corpus selection
  • Coverage-guided Rust Fuzzing
    • cargo-fuzz, afl-rs, honggfuzz-rs
  • Code coverage, Corpus minimization
  • Crashes Triaging and Debugging
  • Structure-aware & Grammar-based Fuzzing
  • Other Advanced Fuzz Testing techniques
  • Differential Rust Fuzzing
  • Writing Custom Rust Fuzzers

What's included?

πŸ”‘ Immediate access to all the content
⏱️ 9.5 hours of curated and practical knowledge
🎞️ 80+ easy-to-digest, on-demand videos
πŸ‘¨β€πŸ’» 25+ hands-on exercises & labs
♾️ Lifetime access
πŸ“– 280+ digital and printable slides
πŸ“ Assignments to apply your new skills
πŸ’― Certificate of completion

Who should attend?

This course is for anyone who's looking for a hands-on and pragmatic approach to audit and secure Rust code such as:

βœ” Software developers
βœ” Security engineers
βœ” Vulnerability researchers
βœ” Pentesters & Red team professionals

What's included in this bundle?

Rust Audit & Code Review

Learn which kind of security bugs can be found inside Rust code and how to detect them statically.
🎞️ 42 videos / ⏱️ 5 hours / πŸ“– 160 slides
View details

Rust Fuzzing & Crash Analysis

Learn how to use Rust fuzzers, develop harnesses and apply different fuzzing techniques to find bugs.
🎞️ 42 videos / ⏱️ 4.5 hours / πŸ“– 120 slides
View details

Rust Security Virtual Machine

Virtual machine with everything installed for the Rust Security Audit and Fuzzing training.
View details

What Students are Saying...

Anonymous

This course is pure gold. I wasted weeks looking for an alternative instead of taking this course directly. Huge mistake on my end because Patrick's slides are awesome and teach everything you need to know about for Rust security.

Anonymous

I learned solid basis for rust programming and auditing, and by far the most interesting topic was fuzzing, which I had no knowledge about it before the class. Exercices are very practical as well !

Georgios.D

Essential training covering all shorts of issues and scenarios. A well rounded training that does not leave anything uncovered. A great place to start when entering Rust space.

Alexander.K

Very good practical training with focus on developing secure appswith Rust and fuzzing techniques, but also covers other testing methodologies. As a developer relatively new in Rust, I've learned a lot about general principles that should be used to develop safe applications, and various tooling built around Rust infrastructure that makes development much easier.

Irina.K

I personally have learned a lot. I have to admit that this training is more for advanced Fuzzing and Rust experts or those who want to become one. I don't have as much experience in these two topics, since I'm not a developer but a security manager. Nevertheless, I was very interested in these topic and I found the training very good!  Thank you Patrick!

Deholo.N

Excellent course documentation! Having videos with the instructor working through examples live, debugging issues live, starting from scratch is a game changer for beginners. Online course are significantly better than in person. Pat is knowledgeable and able to provide effective, concise, practical tips.

Anonymous

Really good overview of techniques, live examples of common tools is super helpful and provides a good basis for building on knowledge gained in the training.

  • $2,400

Rust Security Audit and Fuzzing

Learn which kind of security vulnerabilities/bugs can be found inside Rust code, how to detect them statically and automatically using fuzzing techniques.
🎞️ 84 videos / ⏱️ 9.5 hours / πŸ‘¨β€πŸ’» 25+ exercises
Enroll Now

Recognized by the Global Security Community

We speak, train, and compete at the world’s most respected security conferences.

Meet Your Instructor

Hey! πŸ‘‹ My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.

You can read more about me by clicking here.
XLinked_inYoutubeWebsiteMail

FREE Resources & Trainings

Enter your email to receive special deals and a bundle of awesome resources. 100% free - 100% awesome. πŸ‘‡

You're signing up to receive emails from FuzzingLabs Academy

Frequently Asked Questions

Please, contact us here if you have any other question!

How to get access to my Fuzzing Labs courses?

FuzzingLabs is using the podia.com platform to provide the course materials.
Immediately after placing your order, you will receive an email with your login details. 

I can't or don't want to pay with Paypal or a credit card, can I still join?

Yes of course, just send me an email at fuzzinglabs@gmail.com and we will see how to make it work.

I would prefer to have an online/onsite LIVE training experience, is it possible?

We also offer all the training on this platform in a LIVE online format upon request.
Customization of on-site/online training can also be possible for small groups of attendees and depending on the timezone. Don't hesitate to contact me by mail, the popup chat, or using this form.

For how long I get access to the course?

Any courses in the FuzzingLabs Academy come with life-time access.

Will the training be updated in the future?

Courses will be updated over time and you will receive a notification email.

I'm a student, can I have a special discount?

Yes ;) Send me a message using the chat popup and we will discuss the requirement.