Code Review is a course that will take you through the numerous cases of undefined or platform-specific behavior in C that can be utilised by attackers. We'll look at every part of the C language, with numerous real-world examples of bugs found by the trainer. This course is focused not only on secure code but also on vulnerability research, and time will be spent on relating memory corruption heap bugs to current attacks on the Linux heap allocator. Moreover, we'll look at automated ways to discover bugs, using fuzzing and static analysis. Finally, we will look at ways to fix and secure buggy C code. For a comprehensive analysis of C bugs and code review with relevance to vulnerability research and writing secure code, attend this course.
Day 1 begins with a refresher of programming in the C environment.
Day 2 moves on to automated vulnerability discovery and heap exploitation. We will briefly cover the internals of the Linux ptmalloc heap and develop several attacks that work on current Linux. Additionally, we will use AFL to fuzz, and a variety of static and dynamic analysis tools to discover bugs in current real-world software.
Day 3 looks at C bug classes, using numerous bugs in a variety of operating systems as examples. We will reinforce these bug classes by working through a variety of 'toy' programs to trigger incorrect behavior and crashes.
Co-founder, BSides Canberra
Dr Silvio Cesare (pronounced chez-ARR-ay) from InfoSect is an Australian security researcher known for his multiple articles in Phrack and talks at numerous security conferences, including Defcon and Black Hat Briefings. Silvio is also a former member of w00w00. He is credited with the publication of the first ELF virus for UNIX-like operating systems.
His security research includes an IDS evasion bug in the widely deployed Snort software. Silvio holds a PhD in Computer Science from Deakin University and is the co-founder of the security conference BSides Canberra. He earned his Master of Informatics and Bachelor of Information Technology from CQUniversity Australia. He currently operates the Canberra-based training and consulting provider InfoSect.
For more information about this training visit https://www.researchandmarkets.com/r/1pwshw