All students should have a good understanding of C and basic OS internals. Advanced students will have a working knowledge of C++ and memory corruption vulnerabilities. If you’re unfamiliar with these topics or just need a quick refresher then we recommend reading books like ‘C++ Primer Plus‘ and ‘The Art Of Software Security Assessment‘.
Leaf SR is pleased to announce its first training course ‘Advanced C/C+ Source Code Analysis’. Most security researchers can find your average heap overflow but it takes a different skill set to discover use-after-free vulnerabilities through overloaded assignment operators when armed with nothing more than a text editor. This unique course offers students the chance to analyze exploitable memory corruption vulnerabilities in large and complex programs by manually reviewing source code. The introductory material in this course is short and covers our tricks and tips for diving into a massively complex source code repo from scratch. There are no basic stack overflows covered here. Students will focus on the latest in memory safety research by analyzing real world web browser and common library vulnerabilities. Understanding the root cause of a vulnerability is essential to identifying similar patterns and accurately assessing exploitability. We are confident students will finish this course with the skills they need to start finding vulnerabilities through manual source code review.
The Leaf SR training page has additional details regarding private training offerings and general information about this course. In addition to offering private training sessions Leaf SR has partnered with Trail Of Bits to offer this course to the public. The training is 2 days in duration and will be held on January 22nd and 23rd 2013 in lower Manhattan. You can find more information about signing up for the public course on the Trail Of Bits training page.