CanSecWest: Security Masters Dojo Vancouver
| Next Session Dates: | March 24/25 2008 |
| Venue: |
Mariott Renaissance Harbourside Vancouver, Canada |
| Duration: |
One Day Courses. Sessions begin at 10:00 a.m. and go to 6 p.m. |
|
Registration Maximum: |
10 Students per course session. |
| Price: | CAD$1800 Full day course |
Course: Vulnerability Discovery Demystified
Instructor
Mark Dowd & Justin Schuh
Register For This Course
Description
Have you noticed how some researchers continue to find flaws in even the mostr heavily reviewed applications? Would you like to develop those same skills, whether to find the next big 0day or protect against it?
Vulnerability Discovery Demystified teaches the techniques used by many prominent bug hunters to find some of the most critical and elusive vulnerabilities in real-world software. Coverage includes hands-on experience identifying how bugs can occur, what they look like in real code, and how you can leverage platform and language knowledge to attack a given application. This understanding will provide the necessary foundation for not just finding bugs, but also determining the potential exploitability and crafting more effective exploits.`
You should note that we will not be teaching fuzz-testing; nor will we teach students about running an automated code scanner and trying to collate results into a report. Instead, coverage focuses on a thorough application analysis and understanding - the more you understand about an application, the greater chance you have of learning its dirty secrets.
Outline
- Static analysis fundamentals
- Common vulnerability patterns
- Core application analysis labs
- Attack surface quantification
- Manual code tracing exercises
- Debugger assisted analysis labs
- Understanding environment, OS, and API quirks
- Leveraging application knowledge for exploits
PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.
Prerequisite working knowledge
- Win32 and Unix
- C/C++
- ia32 ASM
- IDA
Prerequisites
- Laptop capable of running required software
- IDA Pro
- An IDE or source code browser
- A debugger
