Our ‘Advanced C/C++ Source Code Analysis’ training course is designed for organizations who want to educate their staff on how to find exploitable vulnerabilities by manually auditing the source of large and complex programs. This course does not cover introductory buffer overflows on example code, instead students will focus on real world web browser and common library vulnerabilities. The course covers topics such as use-after-free, type confusion and more. The introductory material covers how to identify vulnerable code patterns and conceptualize what the process would look like at runtime. Students will learn the wrong way to use WebKit’s RefPtr and Microsoft’s VARIANT structure, and not study the same old strcpy pattern from a decade ago. This course is unique because it will not only teach you techniques to find new vulnerabilities, but also analyze code for exploitation primitives that can be leveraged for target specific exploitation. This course is completely up to date with the latest in memory corruption research. There is no other training offered like this anywhere else. We are confident students will finish the course with a different perspective on how to discover new zero day vulnerabilities through manual source code auditing. As always, this course has been updated for the Black Hat training event!
Penetration testers and security consultants, vulnerability researchers, offense driven security staff, application developers, anyone interested in what modern code execution vulnerabilities look like.
• Basic knowledge of C/C++
• Basic knowledge of memory corruption vulnerabilities
• Basic knowledge of OS internals (Win32/Linux/OS X)
A laptop with their preferred code IDE installed.
• Source code from open source projects we will analyze
• Source code for the custom IPC/RPC server developed for this course
• Training manual
Chris Rohlf is the founder of Leaf SR (http://leafsr.com), a boutique security consulting and research company. Prior to founding Leaf SR, Chris was a principal security consultant at Matasano Security in NYC. He has spent the last 10 years as a security researcher, consultant, developer and engineer for organizations including the US Department of Defense. Chris is also a member of the Black Hat Review Board. He has spoken at industry conferences including Black Hat Vegas 2009/2011 and 2012, guest lectured at NYU Poly in Brooklyn NY, has been published in IEEE Security and Privacy magazine and is occasionally quoted by various media outlets. He has discovered critical security vulnerabilities in every major web browser, operating systems and more.