Our ‘Advanced C/C++ Source Code Analysis’ training course is designed for organizations who want to educate their staff on how to find exploitable vulnerabilities by manually auditing the source of large and complex programs. This course does not cover introductory buffer overflows on example code, instead students will focus on real world web browser and common library vulnerabilities. The course covers topics such as use-after-free, type confusion and more. Students will learn the wrong way to use WebKit’s RefPtr and Microsoft’s VARIANT structure, and not study the same old strcpy pattern from a decade ago. The introductory material covers how to identify bad patterns and conceptualize what the process would look like at runtime. This course is unique because it will not only teach you techniques to find new vulnerabilities, but also analyze code for exploitation primitives that can be leveraged for target specific exploitation. This course is completely up to date with the latest in memory safety research. There is no other training offered like this anywhere else. We are confident students will finish the course with a different perspective on how to discover new zero day vulnerabilities through manual source code auditing.
Prior to founding Leaf SR, Chris was a principal security consultant at Matasano Security in NYC. He has spent the last 10 years as a security researcher, consultant, developer and engineer for organizations including the US Department of Defense. Chris is also a member of the BlackHat Review Board. He has spoken at industry conferences including BlackHat Vegas 2009/2011 and 2012, guest lectured at NYU Poly in Brooklyn NY, has been published in IEEE Security and Privacy magazine and is occasionally quoted by various media outlets. He has discovered critical security vulnerabilities in every major web browser, operating systems and more.