Duration: 2 Days
Audience Level: Intermediate
If you want to “have” your CVE, you have come to the right place! The workshop is designed to introduce participants to the arcana of the best methods and tools for automatic detection of vulnerabilities and bug analysis in software in a practical way.
In the beginning, we will focus on understanding techniques: binary analysis, searching for various types of vulnerabilities and debugging. We “bite” into practical fuzzing and mistakes that keep programmers awake at night using their non-deterministic occurrence. Participants will learn techniques for analyzing application weaknesses, writing grammars, and obtaining test corpora guaranteeing exciting results.
After understanding the aspects of bughunting, the time will come to automate vulnerability analysis and debugging methods to ensure that defective code elements are quickly found.
The training focuses on x86 / x64 architecture, and attacking projects processing data in various formats (text, binary), network fuzzing on Windows and BSD/Linux platforms.
- IT security specialists and pentesters, programmers and testers;
- IT security researchers;
- IT security solutions providers;
- IT security enthusiasts;
- everyone who is thinking about a career in the field of offensive application security!
- Basics of programming in C / C++ or Python;
- Basic knowledge of operating systems BSD / Linux and Windows family;
This training will teach you
- characteristics of vulnerability classes and methods of defense against them;
- techniques for automatic bug search and selection of the best tools in the industry for discovering vulnerabilities (blackbox, graybox, whitebox);
- basics of binary analysis;
- to analyze and automate the analysis of found vulnerabilities;
- to tune (network, files, binaries) and scale the fuzzing process on many levels: fuzzer, operating system, and harness;
- to write your fuzzer for the selected open-source project;
- ready-to-implement Fuzz-Driven Development approach;
What do the participants of the first edition of the workshop say?
The average rating of surveys conducted among the participants was 4.86 / 5.
“Trainer’s openness, specific examples, usefulness, online materials."
“The trainer has great knowledge related to the subject of training."
“If I could, I would give a rating of 6 (A)!"
“The trainer is a specialist, and you can see it at every turn."
“B+ grade because of online materials!"
Do not hesitate to contact us and discuss your requirements.