Rust Security Audit and Fuzzing [HITB+ CYBERWEEK 2021]

$3,299.00

Duration

3 days

Delivery Method

Level

intermediate

Seats Available

20

ATTEND IN-PERSON: Onsite in Abu Dhabi

DATE: 21-23 November 2021

TIME: 09:00 to 17:00 GST/GMT+4

Date    Day      Time                   Duration
21 Nov  Sunday   09:00-17:00 GST/GMT+4  8 Hours
22 Nov  Monday   09:00-17:00 GST/GMT+4  8 Hours
23 Nov  Tuesday  09:00-17:00 GST/GMT+4  8 Hours

 



Rust is a strongly typed and safe systems programming language developed by Mozilla. Recently, it has become the language of choice for building memory-safe programs while maintaining high performance at scale. Rust is commonly used for file format and protocol parsers, but also in critical projects such as the new high-performance browser engine, Servo.

However, writing code in a memory-safe language doesn't mean the code will be free of bugs. Different kinds of vulnerabilities like integer overflows, OOM, DoS, UaF, OOB, etc. can still be found and sometimes exploited to achieve remote code execution (RCE).

This course will give you all the prerequisites to understand which kinds of vulnerabilities can be found inside Rust code. You will learn how to find low-hanging-fruit bugs manually and automatically using Rust auditing tools. Finally, you will discover how to build custom Rust fuzzers, triage and debug crashes, and improve your code coverage using different techniques. This training offers participants multiple hands-on exercises that allow them to internalize the concepts and techniques taught in class.

Agenda

  • Day 1 - Rust Audit and Code Review

    The first day focuses on code audit and Rust security vulnerability research. Students will first learn which security mechanisms are enforced by default in Rust, which vulnerabilities are the most common and how to detect them. Students will have the opportunity to analyze unsafe code and apply much of the theory in practice through small real-life hands-on assignments that highlight aspects of auditing Rust code.

    Topics

    • Introduction to Rust and its Ecosystem
    • Security concepts
      - Ownership, Borrowing and Lifetime
    • Most common Rust vulnerabilities
      - Error handling & Unwrapping, Panicking macros, Arithmetic errors
      - Index out of bounds, Stack overflow, resource exhaustion (OOM)
    • Unsafe code
      - Tooling and Sanitizers (ASAN, MSAN, etc.)
      - Out of bounds access (OOB), Use-after-free (UAF), Double free, Memory leak, Data Races and Race Conditions
    • Advanced Rust vulnerabilities
      - Logic bugs, FFI, Cryptographic issues, Uninitialized & Zeroing memory
    • Attack surface discovery & Auditing tools

    Assignments

    • Assignment 1: Rust introduction and security concepts
      - A short introduction to the Rust language and its ecosystem.
      - Compile and execute Rust code examples.
      - Discover how Rust's security mechanisms work.
    • Assignment 2: Detect most common Rust vulnerabilities
      - Identify multiple vulnerabilities and their impacts.
      - Reproduce bugs and learn how to detect them in the future.
      - Evaluate security of real-life crate packages using code review.
    • Assignment 3: Auditing unsafe code
      - Understand why unsafe code exists and when it can be dangerous.
      - Detect unsafe memory issues using sanitizing tools.
      - Analyze real-world usage of unsafe code.
    • Assignment 4: Real-World: Audit popular Rust packages
      - Choose targets to audit from popular libraries.
      - Identify interesting code patterns.
      - Share hypotheses and findings.

  • Day 2 & 3 - Rust Fuzzing and Crash Analysis

    The second and third days focus on automated Rust vulnerability detection using different fuzzing techniques. Students will first learn how to quickly create Rust fuzz testing harnesses for a given target using coverage-guided fuzzing. They will evaluate the Rust fuzz testing results and analyze crashes using debugging. Students will then discover other advanced techniques to find in-depth bugs in popular Rust libraries. Finally, they will apply what they have learned against 10+ widely used Rust libraries to find bugs.

    Topics

    • Fuzzing Introduction and Workflow
    • Coverage-guided Fuzzing in Rust
      - cargo-fuzz, afl-rs, honggfuzz-rs
    • Improve your Fuzzing Process
      - Code coverage, Corpus selection, Corpus minimization
    • Crash Triaging and Debugging
    • Structure-aware & Grammar-based Fuzzing
    • Other Advanced Testing techniques
      - Symbolic Execution, Formal verification
      - Differential Fuzzing

    Assignments

    • Assignment 5: Fuzzing Rust library in less than 5 minutes
      - Learn the different steps in the fuzzing workflow.
      - Discover which Rust coverage-guided fuzzers are the best.
      - Write Rust fuzz testing harnesses for real-world public libraries.
    • Assignment 6: Improve and analyze your fuzzing session
      - Generate code coverage to evaluate fuzzing results.
      - Minimize both corpora and crashes to optimize Rust fuzzing speed.
      - Triage and analyze bugs found during fuzzing.
    • Assignment 7: Applied advanced Rust fuzzing techniques
      - Learn how to fuzz Rust structures using structure-aware fuzzing.
      - Improve fuzzer input generation using grammar-based fuzzing.
      - Implement differential fuzzing to find logic bugs.
    • Assignment 8: Real-World: Fuzzing popular Rust packages
      - Choose targets to fuzz from previously audited libraries.
      - Create different Rust fuzzing harnesses for popular file and text format parsers.
      - Analyze and triage their crashes to find 0-days.

Why You Should Take This Course

TBA

Who Should Attend

This course is for anyone looking for a hands-on and pragmatic approach to auditing and securing Rust code, such as security engineers, vulnerability researchers, pentesters and red team professionals, and software developers.

Key Learning Objectives

  • Introduction to Rust and its Ecosystem

  • Security concepts, Ownership, Borrowing and Lifetime

  • Most common Rust vulnerabilities - Error handling & Unwrapping, Panicking macros, Arithmetic errors, Index out of bounds, Stack overflow, resource exhaustion (OOM)

  • Unsafe code - Tooling and Sanitizers (ASAN, MSAN, etc.), Out of bounds access (OOB), Use-after-free (UAF), Double free, Memory leak, Data Races and Race Conditions

  • Advanced Rust security vulnerabilities - Logic bugs, FFI, Cryptographic issues, Uninitialized & Zeroing memory

  • Attack surface discovery & Rust security Auditing tools

  • Rust Fuzz testing workflow and Corpus selection

  • Coverage-guided Rust Fuzzing - cargo-fuzz, afl-rs, honggfuzz-rs

  • Code coverage, Corpus minimization

  • Crash Triaging and Debugging

  • Structure-aware & Grammar-based Fuzzing

  • Other Advanced Fuzz Testing techniques - Differential Rust Fuzzing, Writing Custom Rust Fuzzers

Prerequisite Knowledge

Participants should have some basic familiarity with the Rust language and Linux. All the theory and concepts about Rust security vulnerability research and Rust fuzz testing will be explained during the course.

Hardware / Software Requirements

  • A working laptop capable of running virtual machines
  • 8 GB RAM required, at a minimum
  • 40 GB free hard disk space
  • VirtualBox / VMware
