TyphoonCon

The most difficult part of researching a complicated new target is knowing where to start

This training gives students a practical introduction to understanding and debugging some of the most interesting topics in the space, with the aim that they will begin to explore the code themselves and be able to learn from future bugs found in these targets.

About the trainer

Max Van Amerongen (@maxpl0it) is a vulnerability researcher at SentinelOne where his focus is to find critical vulnerabilities in hard targets such as virtualisation and operating systems. Prior to this, he worked as a security researcher at F-Secure/MWR where he successfully participated in several Pwn2Own competitions.

Past Training Experience: Internal trainings on CodeQL (SentinelOne and F-Secure), JS Engine Exploitation (F-Secure), MIPS Router Hacking (F-Secure), and Exploitation 101 (F-Secure with our interns) (Happy to provide slides for the CodeQL, Router Hacking, and Exploitation 101 if required) – Public: https://github.com/maxpl0it/crackme101

Training outline and agenda:

Day 1 (Browsers):

– Introduction to the course

– Introduction to modern browser internals

  – Source to Bytecode

  – Visualising Objects in-memory

  – JIT

– Source code overview

  – Chrome

  – Firefox

– Finding old bugs for both

– Exploring Modern JavaScript Pipelines

  – Compiling JS shells

  – Debugging objects, bytecode, JIT, etc. for both JS engines

– Where to go from here

Day 2 (Operating Systems/IoT):

– Introduction to Operating Systems

– Exploring Linux source code

– Building Linux

– Setting up Kernel Debugging

– Debugging the kernel

– Introduction to IoT

– Finding IoT firmware

– Extracting IoT firmware

– Finding points of interest in the filesystem

– Exploring the device dynamically

– Where to go from here

Day 3 (Virtualisation):

– Introduction to Virtualisation Internals

– Points of interest in Virtualisation

– Overview of VirtualBox source

– Overview of QEMU/KVM source

– Debugging VirtualBox and QEMU

– Generating test-cases using Linux drivers

– Where to go from here

(Bonus if there’s time – intro to VMware Fusion reversing – tips on symbols, strings, and guest-to-host communication)
