Training

Vulnerability Research in binary files

Objectives

This training is given by professional vulnerability researchers working on complex targets, which keeps the content up to date. It is built on real-world cases (1-days) and modern tools, and focuses on low-level languages and memory corruption (C/C++/Obj-C). Vulnerability research is a broad topic, so the training can be customized to meet your needs.


The training can also be adapted to an intermediate or advanced level for security experts already familiar with the basics of reverse engineering and source code auditing.


5 days / 10 hours of theory / 25 hours of practice

Content

This detailed content is provided as an example. The training can be tailored to dedicate more or less time to specific parts. Synacktiv can also create training on specific targets upon request.


  • Methodology

    • Attack surface

    • Research strategy

    • Attack path

    • Organisation and distribution of the work

    • Vulnerability patterns

  • Source code audit

    • Tools

      • Woboq

    • Variant analysis

      • CodeQL

      • Coccinelle

    • Source code instrumentation

      • ASAN

      • LLVM plugins

  • Windows Kernel

    • Tools

      • WinDBG

      • IDA

    • Binary diffing to find 1-days

    • Vulnerability research in kernel modules

      • Entry points identification

      • Creation of an IOCTL fuzzer

  • Browsers

    • Specific attack surface

    • Modern mitigations

    • JavaScript engine

      • IonMonkey / V8 / JavaScriptCore

      • JIT-specific vulnerabilities

      • Engine characteristics

  • IoT

    • Hardware attacks to retrieve the code

    • Efficient fuzzing

      • Unicorn Engine

      • QEMU extensions