In this 5 day course, students will learn how to discover bugs and vulnerabilities in C++-based programs. This course walks students through the numerous cases of undefined and platform specific behavior specific in the C++ language. We’ll look at the various features of the C++ language, with numerous real-world examples of bugs found by the trainer. This course is partly focused on C++ vulnerability research. We will look at exploitation using STL container corruption and VTable overwrites. Moreover, we’ll look at automating bug discovery using libFuzzer and performing variant analysis with CodeQL. Finally, we will look at coding recommendations and ways to prevent, fix, and secure buggy C++ code.
Specifically, students will:
- Review components of the C++ programming language.
- Learn about common C++ programming bugs.
- Learn common APIs and interfaces in systems code and OS kernels prone to implementation bugs.
- Look at previously discovered bugs as case studies.
- Find bugs in sample code.
- Be given the opportunity to find bugs in current systems code.
Lectures and Labs
9am – 5pm, Monday-Friday.
What is required:
What will be Provided?
- Workstations for class use
- Bound lecture materials
- Access to laboratories on the "cyber range"
- Morning Tea, Lunch, Tea & Coffee
- InfoSect Swag & certificate of completion
Competency in C++ programming.
Courses have no more than 10 people.
A minimum of 4 registrations are required for course to run. If less than 4 registrations are received, InfoSect will be in contact about refunding or rescheduling the course.