DESCRIPTION

Rust is a strongly typed and safe systems programming language developed by Mozilla. Over the year, it has become the language of choice to build memory-safe programs while maintaining high performance at scale. Usually, Rust is used for files format and protocols parser but also on critical projects like in the new high-performance browser engine, Servo.

However, coding using memory-safe language doesn’t mean the code will be bugs-free. Different kind of vulnerability like overflows, DoS, UaF, OOB, etc. can still be found and sometime exploited to achieve remote code execution (RCE).

Goal of this course is to give you all the prerequisites to understand which kind of vulnerability can be found inside Rust code. You will learn how to find low hanging fruits bugs manually and automatically using Rust auditing tools. Finally, you will discover how to build custom Rust fuzzers, triage/debug crashes and improve your code coverage using different techniques.

Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.

COURSE OUTLINE

Day 1 - Understand Rust security

The first day focuses on Rust code audit and vulnerability research. Students will first learn which security mechanism are enforced by default in Rust, which vulnerabilities are the most common and how to detect them. Students will have the opportunity to analyze unsafe code and apply much of the theory in practice over small real-life hands-on assignments to highlight aspects of auditing Rust code.

• Introduction to Rust
• Security concepts & Ownership
• Panicking macros
• Error handling & Unwrapping
• Unsafe codes
• Attack surface discovery
• Rust vulnerabilities & impacts
• Uninitialized & Zeroing memory
• Auditing tools

Assignment 1: Rust introduction and security concepts

• Students will get a short introduction to Rust language and its ecosystem.
• Students will compile and execute Rust code examples.
• Students will discover how Rust security mechanism works.

Assignment 2: Detect most common Rust vulnerabilities

• Students will identify multiple vulnerabilities and their impacts.
• Students will reproduce bugs and learn how to detect them in the future.
• Students will evaluate security of real-life crate packages using code review.

Assignment 3: Auditing unsafe code

• Students will understand why unsafe code exist and when it can be dangerous.
• Students will detect unsafe memory issues using sanitizing tools.
• Students will analyze real-world usage of unsafe code.

Assignment 4: Real-World: Audit popular Rust packages

• Students will choose targets to audit from popular libraries.
• Students will identify interesting code patterns.
• Students will share hypothesis and findings.

Day 2 - Rust vulnerability research & Fuzzing

This second day is more focus on automated Rust vulnerability detection using different fuzzing techniques. Students will first learn how to create fuzzing harnesses for a given target quickly using coverage-guided fuzzing. They will evaluate the fuzzing results and analyze crashes using debugging. Students will finally discover other advanced techniques to find in-depth bugs on popular Rust libraries.

• Setup fuzzers easily (libfuzzer, afl, honggfuzz)
• Crashes Triaging
• Structure-aware Fuzzing
• Debugging / Bugs analysis
• Code coverage
• Corpus minimization
• Sanitizers (ASAN, MSAN, …)
• Symbolic execution
• Vulnerability exploitation

Assignment 5: Fuzzing Rust library in less than 5 minutes

• Students will learn the different steps in the fuzzing workflow.
• Students will discover which Rust coverage-guided fuzzers are the best.
• Students will write fuzzing harnesses for real-world public libraries.

Assignment 6: Improve and analyze your fuzzing session

• Students will generate code coverage to evaluate fuzzing results.
• Students will minimize both corpora and crashes to optimized fuzzing speed.
• Students will triage and analyze bugs found during fuzzing.

Assignment 7: Applied advanced fuzzing techniques

• Students will learn how to fuzz Rust structure using structure-aware based fuzzing.
• Students will improve fuzzers input generation using grammar-based fuzzing.
• Students will implement differential fuzzing to find logic bugs.

Assignment 8: Real-World: Fuzzing popular Rust packages

• Students will choose targets to fuzz from previously audited libraries on day 1.
• Students will create different fuzzing hardnesses for popular file and text format parsers.
• Students will analyze and triage their crashes to find 0-days.

CLASS REQUIREMENTS

Prerequisites:

• Familiarity with Rust programming.
• Familiarity with Linux.

• SKILL LEVEL: BEGINNER / INTERMEDIATE

Laptop Requirements:

• A working laptop capable of running virtual machines
• 4GB RAM required, at a minimum
• 40 GB free Hard disk space
• VirtualBox

ONLINE PAYMENT

If your company is not subject to pay for EU VAT, want to pay by wire, register for a group discount, or require any non-standard invoicing, please use the following form and we will get back to as you as soon as possible: https://fuzzinglabs.com/contact/