Black Hat USA Registration Black Hat USA Registration Black Hat USA Briefings Black Hat USA Briefings Black Hat USA Training Black Hat USA Training Black Hat USA Schedule Black Hat USA Schedule Black Hat USA Sponsors Black Hat USA Sponsors Black Hat  USA Special Events Black Hat  USA Special Events Black Hat USA Venue Black Hat USA Venue

On This Page

Peach Fuzzer: Effective Fuzzing

Déjà vu Security | July 27-28



Ends May 31



Ends July 24



Ends July 30


Fuzzing is the technique of finding flaws and vulnerabilities in solutions through the mutation of data. This technique is a preferred way of both defenders and attackers to discover vulnerabilities in a system. The Peach Fuzzing Framework is the most widely used fuzzing system. Researchers, corporations, and governments use Peach to find vulnerabilities in systems. Peach was designed to fuzz any type of data consumer from servers to embedded systems. Peach is a cross platform system running on Windows, Linux, and OS X.

This class will focus on the latest release of Peach 3 and is taught by Michael Eddington the creator of Peach.

You will learn to create both dumb and smart fuzzers and apply these concepts and tools to their unique environment. The course is designed to be student-centric, hands-on, and lab intensive. On day one the Peach Fuzzing Framework is introduced from a practitioner's perspective. You will learn how to use Peach to fuzz a variety of targets including network clients & servers, file consumers, and API interfaces such as COM. On the second day you will develop and run fuzzers against different targets mutating data and collecting crashes.

Upon completion of the course and labs you will be able to:


What Students Will Be Provided With

Printed slide book, Printed lab guide, USB Memory Stick with VMware images

What Students Should Bring

Students must provide a modern laptop (dual core minimum) with a minimum of 2GB RAM and 30GB free disk with vmware player (or similar) pre-installed.


Michael Eddington is the Chief Technical Officer at Déjà vu Security LLC and its Principal Consultant. He has over ten years of experience in providing security services to Fortune 500 companies in the US. Michael is a recognized thought leader in the fields of application security, network security, threat modeling, and fuzz testing. He routinely speaks and provides training at the top security conferences including Blackhat, CanSecWest and RSA. Michael is a passionate leader in the open-source security development community, contributing to projects including Trike (Threat Modeling), Outlook Privacy plug-in, and Peach Fuzz. Michael is the creator of the widely used Peach Fuzzing framework which is used by many top technology companies to find complex security vulnerabilities. His current research efforts are pushing security vulnerability testing and fuzzing to the next level with innovative tools and techniques.

Mick Ayzenberg