Black Hat USA Registration Black Hat USA Registration Black Hat USA Briefings Black Hat USA Briefings Black Hat USA Training Black Hat USA Training Black Hat USA Schedule Black Hat USA Schedule Black Hat USA Sponsors Black Hat USA Sponsors Black Hat  USA Special Events Black Hat  USA Special Events Black Hat USA Venue Black Hat USA Venue

On This Page

Peach Fuzzer: Embedded Edition

Déjà vu Security | July 29-30



Ends May 31



Ends July 24



Ends July 30


Fuzzing continues to be the fastest way to find security issues and test for bugs. Effective Hardware Fuzzing with Peach will introduce students to the fundamentals of device fuzzing. Peach was designed to fuzz any type of data consumer from servers to embedded devices. Researchers, corporations, and governments already use Peach to find vulnerabilities in hardware. This course will focus on using Peach to target embedded devices and collect information from the device in the event of a crash. Students that take this course will be able to interface or extend Peach to fuzz their own hardware platforms.

The course is designed to be student-centric, hands-on, and lab intensive. On day one you will learn to bridge the Peach Fuzzing Framework to target hardware. You will learn how to use Peach to fuzz the variety of targets, buses, and protocols an embedded device can present. On the second day you learn how to collect feedback from behind the silicon curtain and extend Peach to fit your custom hardware targets.


Fuzzing Experience, Some Hardware Experience

Materials That Students Will Be Provided With

Materials That Students Should Bring

Modern Laptop capable of running VMWare, with a minimum 20 GB free disk, 1GB RAM (2GB RAM recommended), 2 USB Ports, Ethernet jack, VMWare Player (free)


Adam Cecchetti is a founding partner, consultant, and security researcher at Déjà vu Security. Adam specializes in application and hardware penetration testing. Adam has over 10 years of professional penetration testing experience and is a contributing author to multiple security books, benchmarks, tools, and research projects. Adam holds a master's degree from Carnegie Mellon University in Electrical and Computer Engineering. He has been leading application penetration tests, hardware reverse engineering, code and design reviews for the Fortune 500 for the last decade. Adam's research is currently heavily focused on hardware fuzzing and automated exploitation analysis.

Jordyn Puryear is a Security Engineer at Déjà vu Security where he works on the development and testing of the Peach Fuzzing Framework. Jordyn’s current research is focused on fuzzing network and wireless protocols.