$2,500

Event Information

Date and Time

Location

National Convention Centre Canberra

31 Constitution Avenue

Canberra, ACT 2601

Australia

Refund Policy

Contact the organiser to request a refund.

Eventbrite's fee is nonrefundable.

Event description
In this 2-day course, students will learn the art and science of discovering bugs and vulnerabilities in C-based programs.

About this Event

Students will be introduced to the relationship between bugs and exploits through exploiting memory corruption bugs on the current Linux heap allocator, ptmalloc2. We’ll then examine automated methods to discover bugs in software through fuzzing and static analysis. The bulk of the course will systematically examine the numerous bug classes that can exist in C-based programs with many example bugs from current or recent systems code.

Syllabus

Day 1

Lectures

  • Virtual Memory
  • Debugging
  • Data Structures
  • Linux Heap Allocator Internals
  • Fuzz Testing
  • Bugs in Preprocessor
  • Bugs in Declarations and Initialisation
  • Bugs in Expressions
  • Bugs in Floating Point
  • Bugs in Arrays
  • Bugs in Characters and Strings

Labs

  • ptmalloc Heap Metadata Corruption
  • Fuzzing and AFL
  • Static Program Analysis
  • Coccinelle
  • Insecure Coding

Day 2

Lectures

  • Bugs in Memory Management
  • Bugs in Input Output
  • Bugs in Environment
  • Bugs in Signals
  • Bugs in Error Handling
  • Bugs in Miscellaneous
  • Bugs in POSIX
  • Navigating the Linux Kernel
  • Bugs in Unix Kernels
  • Code Review Strategies

Labs

  • Userspace Auditing

Instructor Bio:

Dr Silvio Cesare is the Managing Director at InfoSect. He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He has reported hundreds of software bugs and vulnerabilities in operating system kernels. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the scanner architect and a C developer at Qualys. He is also the co-founder of BSides Canberra – Australia’s largest cyber security conference. He has a Ph.D. from Deakin University and has published within industry and academia, is a 4-time Black Hat speaker, has gone through academic research commercialisation, and has authored a book (Software Similarity and Classification, published by Springer).
