Advanced C/C++ Source Code Analysis Training

Leaf SR is pleased to announce its first training course ‘Advanced C/C+ Source Code Analysis’. Most security researchers can find your average heap overflow but it takes a different skill set to discover use-after-free vulnerabilities through overloaded assignment operators when armed with nothing more than a text editor. This unique course offers students the chance to analyze exploitable memory corruption vulnerabilities in large and complex programs by manually reviewing source code. The introductory material in this course is short and covers our tricks and tips for diving into a massively complex source code repo from scratch. There are no basic stack overflows covered here. Students will focus on the latest in memory safety research by analyzing real world web browser and common library vulnerabilities. Understanding the root cause of a vulnerability is essential to identifying similar patterns and accurately assessing exploitability. We are confident students will finish this course with the skills they need to start finding vulnerabilities through manual source code review.

All students should have a good understanding of C and basic OS internals. Advanced students will have a working knowledge of C++ and memory corruption vulnerabilities. If you’re unfamiliar with these topics or just need a quick refresher then we recommend reading books like ‘C++ Primer Plus‘ and ‘The Art Of Software Security Assessment‘.

The Leaf SR training page has additional details regarding private training offerings and general information about this course. In addition to offering private training sessions Leaf SR has partnered with Trail Of Bits to offer this course to the public. The training is 2 days in duration and will be held on January 22nd and 23rd 2013 in lower Manhattan. You can find more information about signing up for the public course on the Trail Of Bits training page.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s