Advanced C/C++ Source Code Analysis

We announced our first training offering in 2012 and continue to deliver it to this day at both public and private events. Our ‘Advanced C/C++ Source Code Analysis’ training course is designed for organizations who want to educate their staff on how to find exploitable vulnerabilities by manually auditing the source of large and complex programs. This course does not cover introductory buffer overflows on example code, instead students will focus on real world web browser and common library vulnerabilities. The course covers topics such as use-after-free, type confusion and more. Students will learn things like the wrong way to use RefPtr and VARIANT, not study the same old strcpy pattern from a decade ago. The introductory material covers how to identify bad patterns and conceptualize what the process would look like at runtime. This course is unique in that it will not only teach you techniques to find new vulnerabilities but also analyze code for exploitation primitives that can be leveraged for target specific exploitation.

This course is completely up to date with the latest in memory safety research. There is no other training offered like it anywhere else. We are confident students will finish the course with a different perspective on how to discover new zero day vulnerabilities through manual source code auditing. You can learn more information about this course including private training availability, group pricing rates, and a detailed outline by contacting us via email or phone. You can also read our blog posts for additional info.

Student Feedback

FAQ

(coming soon)

Upcoming Classes