Code Review

In this 5-day course, Code Review walks students through the numerous cases of undefined and platform-specific behavior in C. We’ll look at every part of the C language, with numerous real-world examples of bugs found by the trainer. This course is partly focused on vulnerability research. Time will be spent on relating C memory corruption heap bugs to current attacks on the Linux heap allocator. Moreover, we’ll look at ways to automate bug discovery using fuzzing and static analysis. Finally, we will look at coding recommendations and ways to prevent, fix, and secure buggy C code.

Course Objectives

To be able to discover software bugs and vulnerabilities in C Code.

Duration and Schedule

Days, 9am – 5pm

Training Outcomes

  • Demonstrate understanding of C Bug Classes
  • Demonstrate understanding of the main automated vulnerability discovery techniques
  • Demonstrate understanding of some Linux heap exploitation techniques
  • Demonstrate being able to patch bugs and vulnerabilities

Who Should Attend?

  • Developers
  • IT Professionals
  • Embedded Developers
  • OS Developers
  • Penetration Testers
  • Software Security Auditors/Analysts
  • Vulnerability Researchers
  • Software Exploitation Developers
  • Anyone else interested

About the Trainer

Dr Silvio Cesare is the Managing Director at InfoSect. He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He has reported hundreds of software bugs and vulnerabilities in operating system kernels. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the scanner architect and a C developer at Qualys. He is also the co-founder of BSides Canberra – Australia’s largest cyber security conference. He has a Ph.D. from Deakin University, has published within industry and academia, is a 4-time Black Hat speaker, has gone through academic research commercialisation, and has authored a book (Software Similarity and Classification, published by Springer).

What to Bring to Face-to-Face Training?

  • All materials are provided by InfoSect

What Will be Provided in Face-to-Face Training?

  • Laptops for class use
  • 800 page coil bound lecture materials
  • Catering provided.
  • Access to VMs with laboratories
  • InfoSect Swag

What will be Provided in Live, Interactive, Online Training?

  • Lecture notes in PDF
  • Lab guides in PDF
  • Access to VMs with laboratories
  • InfoSect Swag (for Australian shipping only)

Participant Skillset

Students taking Code Review should have an intermediate C development background. They should have hands-on experience in:

  • C Coding Experience
  • Linux

Student Feedback

“I found so many bugs this week in real open source code that I feel like Smaug with his hoard of treasure” – ShaneM

“I highly recommend Silvio Cesare’s Code Review course. If C is your jam this is a must do course”

“I’ve been fired up to really understand allocators and heap exploitation. Magic really – Silvio drops so many pearls of wisdom that it’s a trip hazard…”

“Enjoyed all the content. Discussions with Silvio Cesare during course and breaks very insightful. Really enjoyed seeing how these bugs lead to exploitation” – anonymous

“The overall course was good and I was able to learn ways of finding bugs easier than I was previously aware of. Also reinforced some ideas I have forgotten.” – anonymous

“Really enjoyed the course, learnt a lot and have a lot of tools/techniques to take away and improve my code” – John (software developer)

“Thanks for the great course” – Ben

Class Syllabus

Day 1 (C Refresher)

Lectures

  • Introduction to the Training
  • History of C
  • Developing in C
  • Review of C Programming Basics
  • Pointers, Strings, and Arrays
  • Structures and Unions
  • Dynamic Memory Management

Labs

  • Review of C Programming Basics
  • Pointers, Strings, and Arrays
  • Dynamic Memory Management

Day 2 (Vulnerability Research)

Lectures

  • Virtual Memory
  • Debugging
  • Compiler Construction
  • Data Structures
  • Linux Heap Allocator Internals
  • Fuzz Testing
  • Dynamic Memory Checkers
  • SMT Solving
  • Symbolic Execution

Labs

  • ptmalloc Heap Metadata Corruption
  • Fuzzing and AFL
  • Dynamic Memory Checkers
  • Static Program Analysis
  • Coccinelle

Day 3 (C Bug Classes)

Lectures

  • Bugs in Preprocessor
  • Bugs in Declarations and Initialisation
  • Bugs in Expressions
  • Bugs in Floating Point
  • Bugs in Arrays
  • Bugs in Characters and Strings
  • Bugs in Memory Management
  • Bugs in Input Output

Labs

  • Insecure Coding

Day 4 (C Bug Classes)

Lectures

  • Bugs in Environment
  • Bugs in Signals
  • Bugs in Error Handling
  • Bugs in Miscellaneous
  • Bugs in POSIX
  • Navigating the Linux Kernel
  • Bugs in Unix Kernels
  • Code Review Strategies

Labs

  • Userspace Auditing

Day 5 (Recommendations)

Lectures

  • Fixes in Preprocessor
  • Fixes in Declarations and Initialisations
  • Fixes in Expressions
  • Fixes in Integers
  • Fixes in Floating Point
  • Fixes in Arrays
  • Fixes in Characters and Strings
  • Fixes in Memory Management
  • Fixes in Input Output
  • Fixes in Environment
  • Fixes in Signals
  • Fixes in Error Handling
  • Fixes in Miscellaneous
  • Fixes in POSIX
  • Training Close

Labs

  • Fixing and Securing Code