(In)Secure C++: Sec Edition



Kursarrangør: Programutvikling AS
Sted: Magazinet Kongsberg
          Buskerud, Kongsberg
Kursadresse: Chr. Augusts gate 1, 3611 Kongsberg (kart)
Type:Åpent kurs / gruppeundervisning
Studie / yrkesutdanning
Undervisningstid: kl 09:00 - 17:00
Varighet: 2 days
Pris: 13.490

We provide course about (In)Secure C++: Sec Edition. Gain essential knowledge, and hands-on experience, in effective vulnerability detection tools and techniques, and how these vulnerabilities are wielded in exploitation of C++ and C applications.

Content:
By deepening your understanding of exploitation, the motivations driving mitigations, and the identification of high-risk constructs, you will be able to design software that better meets your security needs. This training is explicitly targeted at C++ developers, though C developers will also benefit.

Secure coding practices in C++
The training will provide its students with:
• Knowledge on how to use tools to find vulnerabilities in native applications
• Give a hands-on experience in some exploitation techniques

Practical information:
• Chat - Slack: Will be setup a week in advance to facilitate resolving of any technical issue
• Exercises - Cloud VMs and a Cyber Dojo cloud instance: guarantees same environment
• This training is explicitly targeted at security professionals with some programming experience in C or C++

Training schedule:
Day 1 - Finding vulnerabilities using fuzzing:
• Introduction and Setup
• Introduction to exploitation, vulnerabilities and specifications
• Mitigations and Tooling: Static and Dynamic Analysis
• Undefined Behaviour and Compiler Optimizations
• Address Sanitizer
• Case Study: Heartbleed
• Fuzzing: AFL and libFuzzer
• Debugging Shellcode in GDB

Day 2 - Exploitation and writing shellcode:
• Exploitation: Format String Exploitation
• Vulnerability: Stack Buffer Overflow
• Exploitation: Writing and Testing Custom Shellcode
• Exploitation: Return Oriented Programming (ROP)
• Summary and Conclusion

Some of the topics covered:
1) Fuzzing and Sanitizers:
• How to use tools like Address Sanitizer and fuzzers like AFL/libFuzzer to find and fix security vulnerabilities. Here you will use fuzzing to find the Heartbleed vulnerability in OpenSSL. You will also be tasked with fixing Heartbleed, and then reviewing the fix that was shipped at the time, to get a realistic impression of how difficult it can be to analyze and fix vulnerabilities in real life scenarios.

2) Exploiting Buffer Overflows with Custom Exploit Shellcode:
• How to exploit buffer overflows and execute arbitrary code, and the mitigations that can help prevent it from happening. Here you will exploit a program with your own custom shellcode.

3) Return Oriented Programming (ROP) and Format Strings:
• How to bypass stack protection mechanisms using ROP and generated ROP chains. And we’ll use format string vulnerabilities as an example of a completely different way of exploiting applications.

Speaker: Patricia Aas, Senior Consultant & CTO at TurtleSec AS

Patricia Aas is an international speaker and has spoken at CppCon, ACCU, C++OnSea, NDC Security, NDC Oslo and many other conferences on subjects ranging from Sandboxing in Chromium to Vulnerabilities in C++. She has taught a range of subjects in Computer Science at the University of Oslo.

Patricia has a masters degree in Computer Science and 13 years professional experience as a programmer, most of that time programming in C++. During that time she has worked in codebases with a high focus on security: two browsers (Opera and Vivaldi) and embedded Cisco telepresence systems.

Target audience:
Anyone who wants course about (In)Secure C++: Sec Edition