This is where the main content goes when you need one large content column -->
Black Hat USA 2009 Weekend Training Session
Finding Security Bugs in Closed-source Software: Beginner
Due to the ever-expanding nature of the topic, and to balance skill levels
in the class better, the course has been split into two halves. This is the first
half, which is intended for people with less than 2 years experience in this field.
In recent years, a large proportion of the focus in security research has been on
the analysis of programs in order to find memory-corruption vulnerabilities. Due
to the nature of the C language, it is particularly easy for developers to create
buggy applications. C and, by extension, C++ suffer from a plethora of subtle pitfalls
that have contributed to the proliferation of security-critical bugs in software.
The course assumes the following:
- You know C and some C++
- You know the important bits of the Intel x86 instruction set, enough to read
simple code snippets
- You have a decent idea of the 'basics', e.g. you understand simple buffer overflows
and simple exploitation methods
- You do not have extensive experience in using IDA Pro
The course will cover the following:
- Security defects – from the boring historical examples to nontrivial semantic issues,
from buffer overflows via integer issues to complicated object-lifetime issues
- Methodologies for source code review
- Introduction to binary review: What changes, what stays the same ?
- Using IDA Pro and other tools for bug hunting
- Reading & understanding disassemblies in order to find security defects
The course will spend approximately one day on source code and one day on binary review.
is Zynamics' founder. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network securityover time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he recently joined Black Hat as their main reverse engineer.
Ends Mar 15
Ends May 1
Ends Jul 22
This is where the main content ends when you need one large content column -->