Max Van Amerongen (Maxpl0it) is a Senior Vulnerability Researcher at Interrupt Labs who focuses on finding security holes in critical software. Before joining Interrupt, he worked at SentinelOne and F-Secure Labs, where he successfully participated in the Pwn2Own hacking contest a number of times.
In the world of security research, web browsers, operating systems, and virtualisation software are considered some of the most impressive targets to find vulnerabilities in. Unfortunately, they are also some of the most complicated to look at, and the amount of prerequisite knowledge required to even begin research feels unattainable to many researchers. This course covers the internals of several hard targets, with the aim of giving students a practical introduction to understanding and debugging some of the most interesting topics in the space of security research, so that they can begin to explore the code themselves and learn from future bugs found in these programs. Furthermore, the information students take away will enable them to research similar implementations they may be interested in by breaking through the initial barrier to entry.
This course is very fast-paced, as it covers a lot of complicated internals from both a theoretical and a practical perspective. The focus is on the inner workings of these types of software as opposed to exploitation, so exploitation primitives will not be explicitly discussed as part of the contents.
Day 1 — Browsers:
Both Firefox and Chrome will be covered in this training, with focus on the JavaScript engine internals:
– Parsing
– The JavaScript VM
– Object Representation
– Various Optimisations
– Just-in-time Compilation
– Debugging Techniques
– Finding Old Vulnerabilities
Day 2 — Operating Systems/IoT:
The Linux kernel will be the main focus of this day, with emphasis on internals, such as:
– Introduction to Operating Systems and the x86_64 architecture
– Exploring Linux Source Code and building the kernel
– Setting up Kernel Debugging
– Exploring the kernel init process
– Virtual and Physical memory, and paging internals
– System Calls and Interrupts
– Process Representation, Context Switching, and scheduling
– Memory protections in user land and kernel land
– Filesystem and Networking Internals
– Introduction to IoT
– Finding and extracting IoT Firmware
– Finding points of interest in the file system
Day 3 — Virtualisation:
Both VirtualBox and QEMU/KVM will be covered in this training, with emphasis on various internals, such as:
– Software virtualisation and Hardware-assisted virtualisation internals (VT-x)
– Emulated Devices
– Port IO/MMIO
– Guest-to-host communication (and guest additions)
– Network Communication
– Paravirtualisation
– Debugging techniques
– If there is time, a bonus introduction to getting started with VMware reversing