Description
Day 1
- Cyber security basics
- What is security?
- Threat and risk
- Cyber security threat types – the CIA triad
- Cyber security threat types – the STRIDE model
- Consequences of insecure software
- Memory management vulnerabilities
- Assembly basics and calling conventions
- x64 assembly essentials
- Registers and addressing
- Most common instructions
- Calling conventions on x64
- Calling convention – what it is all about
- Calling convention on x64
- The stack frame
- Stacked function calls
- Buffer overflow
- Memory management and security
- Vulnerabilities in the real world
- Buffer security issues
- Buffer overflow on the stack
- Buffer overflow on the stack – stack smashing
- Exploitation – Hijacking the control flow
- Lab – Buffer overflow 101, code reuse
- Exploitation – Arbitrary code execution
- Injecting shellcode
- Lab – Code injection, exploitation with shellcode
- Case study – Stack BOF in FriendlyName handling of the Wemo Smart Plug
- Buffer overflow on the heap
- Unsafe unlinking
- Case study – Heap BOF in WinRAR
- Pointer manipulation
- Modification of jump tables
- Overwriting function pointers
- Best practices and some typical mistakes
- Unsafe functions
- Dealing with unsafe functions
- Lab – Fixing buffer overflow
- Using std::string in C++
- Unterminated strings
- Manipulating C-style strings in C++
- Malicious string termination
- Lab – String termination confusion
- String length calculation mistakes
Day 2
- Memory management hardening
- Securing the toolchain
- Securing the toolchain in C and C++
- AddressSanitizer (ASan)
- Using AddressSanitizer (ASan)
- Lab – Using AddressSanitizer
- Stack smashing protection
- Detecting BoF with a stack canary
- Argument cloning
- Stack smashing protection on various platforms
- SSP changes to the prologue and epilogue
- Lab – Effects of stack smashing protection
- Runtime protections
- Runtime instrumentation
- Address Space Layout Randomization (ASLR)
- ASLR on various platforms
- Lab – Effects of ASLR
- Circumventing ASLR – NOP sleds
- Non-executable memory areas
- The NX bit
- Write XOR Execute (W^X)
- NX on various platforms
- Lab – Effects of NX
- NX circumvention – Code reuse attacks
- Return-to-libc / arc injection
- Return Oriented Programming (ROP)
- Protection against ROP
- Case study – Systematic exploitation of a MediaTek buffer overflow
- Common software security weaknesses
- Security features
- Authentication
- Password management
- Inbound password management
- Storing account passwords
- Password in transit
- Lab – Is just hashing passwords enough?
- Dictionary attacks and brute forcing
- Salting
- Adaptive hash functions for password storage
- Password policy
- NIST authenticator requirements for memorized secrets
- Outbound password management
- Hard coded passwords
- Best practices
- Lab – Hardcoded password
- Code quality
- Code quality and security
- Data handling
- Type mismatch
- Lab – Type mismatch
- Initialization and cleanup
- Constructors and destructors
- Initialization of static objects
- Lab – Initialization cycles
- Array disposal in C++
- Lab – Mixing delete and delete[]
- Memory and pointers
- Memory and pointer issues
- Pointer handling pitfalls
- Null pointers
- NULL dereference
- NULL dereference in pointer-to-member operators
- Pointer usage in C and C++
- Use after free
- Lab – Use after free
- Lab – Runtime instrumentation
- Double free
- Case study – UAF and double free in netfilter
- Smart pointers
Day 3
- Common software security weaknesses
- Input validation
- Input validation principles
- Denylists and allowlists
- What to validate – the attack surface
- Where to validate – defense in depth
- When to validate – validation vs transformations
- Validation with regex
- Regular expression denial of service (ReDoS)
- Lab – ReDoS
- Dealing with ReDoS
- Injection
- Code injection
- OS command injection
- Lab – Command injection
- OS command injection best practices
- Avoiding command injection with the right APIs
- Lab – Command injection best practices
- Case study – Shellshock
- Lab – Shellshock
- Case study – Command injection in Zyxel IKE packet decoder
- Process control
- Library injection
- Lab – Library hijacking
- Library injection best practices
- Integer handling problems
- Representing signed numbers
- Integer visualization
- Integer promotion
- Integer overflow
- Lab – Integer overflow
- Signed / unsigned confusion
- Case study – Signed/unsigned confusion DoS in DrayTek Vigor routers
- Lab – Signed / unsigned confusion
- Integer truncation
- Lab – Integer truncation
- Case study – WannaCry
- Best practices
- Upcasting
- Precondition testing
- Postcondition testing
- Best practices in C++
- Lab – Integer handling best practices in C++
- Case study – Integer check failure in Skia
- Files and streams
- Path traversal
- Lab – Path traversal
- Path traversal best practices
- Lab – Path canonicalization
- Wrap up
- Secure coding principles
- Principles of robust programming by Matt Bishop
- Secure design principles of Saltzer and Schroeder
- And now what?
- Software security sources and further reading
- C and C++ resources
The course is delivered in collaboration with





