Zero-day Fundamentals

Target Audience: Pentesters, TSCM Personnel, Network Defenders

Instructor: Josiah Bryan (https://halcyonic.net/)

Where: Huntsville, AL
When: You Pick the Date

Prerequisites: Beginner level experience using the C programming language.

Maximum Number of Class Slots: 15
Minimum Needed for a Class: 3

Price per Student Slot: $5,695.00

Please Contact Us for purchasing information or if you have any questions.

SKU: C0008 Categories: , Tags: ,

The Skinny Research and Development Zero Day Fundamentals (ZDF) class uncovers the secrets and techniques of locating and exploiting unknown cyber security flaws referred to as ‘Zero-Day’ vulnerabilities. This hands-on class will instruct students on how to detect both common and exotic security bugs using popular open source tools on a large scale.

Zero-day exploits are discovered by security researchers, nation-states, cyber defense professionals, and hacktivist groups worldwide to infiltrate computer systems, networks, critical infrastructure, and Internet of Things (IoT) devices. As technology advances, cybercrime continues to spread into every global industry. This makes the race to find Zero-Day vulnerabilities crucial to the success of any organization.

Students will be armed with the technical and procedural skills required to perform quality Zero-Day research focused on finding new flaws in software and firmware that have not yet been identified. By finding flaws in computer systems before cybercriminals, each organization can ensure all products and services maintain a high level of integrity and security. Check out the Trophies page to see our latest Zero-day finds in the wild.

Students will receive:

Prebuilt Fuzzing Workstation

Keyboard and Mouse

Portable Display


Course Virtual Machines

Course Pentesting Tools and Scripts


Day 1 Day 2 Day 3 Day 4 Day 5
C/C++ Review

Discovering Overflows

Null Pointer Dereferences

Bypassing DEP and ASLR

U-A-F and DF Vulnerabilities

Manual vs Automated Fuzzing

Intro at AFL++

Fuzzing File Parsers

Fuzzing Program Inputs

Discovering Known CVEs and AFL++

OWASP Top Ten Review

Zero-Day Vulnerabilities:

  • Broken Access Control
  • SSRF
  • Injection
  • File Upload
XSS Zero-Day Vulnerabilities

Open Redirect Zero-Day Vulnerabilities

Intro to Boofuzz

Fuzzing Network Services

Reviewing of Fuzzing Techniques

Capture the Flag