SEATS AVAILABLE: CLASS CANCELLED
Code Review is a course that will take you through the numerous cases of undefined or platform-specific behavior in C that can be utilised by attackers. We’ll look at every part of the C language, with numerous real-world examples of bugs found by the trainer. This course focuses not only on secure code but also on vulnerability research, and time will be spent on relating memory corruption heap bugs to current attacks on the Linux heap allocator. Moreover, we’ll look at automated ways to discover bugs, using fuzzing and static analysis. Finally, we will look at ways to fix and secure buggy C code. For a comprehensive analysis of C bugs and code review with relevance to vulnerability research and writing secure code, attend this course.
Day 1 begins with a refresher of programming in the C environment.
Day 2 moves on to automated vulnerability discovery and heap exploitation. We will briefly cover the internals of the Linux ptmalloc heap and develop several attacks that work on current Linux. Additionally, we will use AFL to fuzz, and a variety of static and dynamic analysis tools to discover bugs in current real-world software.
Day 3 looks at C bug classes, using numerous bugs in a variety of operating systems as examples. We will reinforce these bug classes by working through a variety of ‘toy’ programs to trigger incorrect behavior and crashes.
Students taking Code Review should have an intermediate C development background. They should have hands-on experience in:
- C Coding Experience
Minimum Software to Install
- VMware Workstation or Player.