Modern C/C++ Vulnerability Discovery, Exploitation, Hardening

Chris Rohlf | July 30-31 & August 1-2



Overview

This training course is designed for anyone who wants to learn how to find exploitable vulnerabilities by manually auditing the source of large and complex C/C++ programs. The introductory material covers how to identify vulnerable code patterns and conceptualize the process runtime just from studying code. After that we dive in and focus on discovering and analyzing real-world vulnerability classes such as use-after-free and type confusion, exploitation primitives, and program hardening via sandboxing and more. This course is unique because it will not only teach you techniques to find new vulnerabilities, but also how to analyze code for exploitation primitives that can be leveraged for target-specific exploitation. There is no other training offered like this anywhere else. I am confident students will finish the course with a different perspective on how to discover new zero-day vulnerabilities through manual source code auditing. This course is completely up to date and has been refreshed for the 2016 Black Hat training event!

Who Should Take this Course

Penetration testers and security consultants, vulnerability researchers, offense-driven security staff, application developers, and anyone interested in what modern code execution vulnerabilities look like.

Student Requirements

  • Basic knowledge of C/C++
  • Basic knowledge of memory corruption vulnerabilities
  • Basic knowledge of OS internals (Win32/Linux/OS X)

What Students Should Bring

A laptop with their preferred code IDE installed

What Students Will Be Provided With

  • Source code from open source projects we will analyze
  • Source code for the custom IPC/RPC server developed for this course
  • Training manual

Trainers

Chris Rohlf currently runs the Yahoo pentest and red team. He was previously the founder of Leaf SR (http://leafsr.com), a boutique security consulting and research company, before it was acquired by Yahoo. Prior to founding Leaf SR, Chris was a principal security consultant at Matasano Security in NYC. He has spent the last 13 years as a security researcher, consultant, developer and engineer for organizations including the US Department of Defense. Chris is also a member of the Black Hat Review Board. He has spoken at industry conferences including Black Hat Vegas 2009/2011/2012, guest lectured at NYU Poly in Brooklyn, NY, has been published in IEEE Security and Privacy magazine and is occasionally quoted by various media outlets. He has discovered critical security vulnerabilities in every major web browser, operating systems and more.