Description
Have you noticed how some researchers continue to find flaws in even the mostr heavily reviewed applications? Would you like to develop those same skills, whether to find the next big 0day or protect against it?
Vulnerability Discovery Demystified teaches the techniques used by many prominent bug hunters to find some of the most critical and elusive vulnerabilities in real-world software. Coverage includes hands-on experience identifying how bugs can occur, what they look like in real code, and how you can leverage platform and language knowledge to attack a given application. This understanding will provide the necessary foundation for not just finding bugs, but also determining the potential exploitability and crafting more effective exploits.`
You should note that we will not be teaching fuzz-testing; nor will we teach students about running an automated code scanner and trying to collate results into a report. Instead, coverage focuses on a thorough application analysis and understanding - the more you understand about an application, the greater chance you have of learning its dirty secrets.
Outline
Static analysis fundamentals
Common vulnerability patterns
Core application analysis labs
Attack surface quantification
Manual code tracing exercises
Debugger assisted analysis labs
Understanding environment, OS, and API quirks
Leveraging application knowledge for exploits
Prerequisite working knowledge
Win32 and Unix
C/C++
ia32 ASM
IDA
Prerequisites
Laptop capable of running required software
IDA Pro
An IDE or source code browser
A debugger
Instructor: Mark Dowd
No bio.
Instructor: Justin Schuh
No bio.