The most difficult part of researching a complicated new target is knowing where to start

This training helps give students a practical introduction to understanding and debugging some of the most interesting topics in the space with the aim that they will begin to explore the code themselves and be able to learn from future bugs found in these targets.

About the trainer

Max Van Amerongen (@maxpl0it) is a vulnerability researcher at SentinelOne where his focus is to find critical vulnerabilities in hard targets such as virtualisation and operating systems. Prior to this, he worked as a security researcher at F-Secure/MWR where he successfully participated in several Pwn2Own competitions.

Past Training Experience: Internal trainings on CodeQL (SentinelOne and F-Secure), JS Engine Exploitation (F-Secure), MIPS Router Hacking (F-Secure), and Exploitation 101 (F-Secure with our interns) (Happy to provide slides for the CodeQL, Router Hacking, and Exploitation 101 if required) – Public: https://github.com/maxpl0it/crackme101

Training outline and agenda:

Day 1 (Browsers):

– Introduction to the course

– Introduction to modern browser internals

  – Source to Bytecode

  – Visualising Objects in-memory

  – JIT

– Source code overview

  – Chrome

  – Firefox

– Finding old bugs for both

– Exploring Modern JavaScript Pipelines

  – Compiling JS shells

  – Debugging objects, bytecode, and JIT, etc for both JS engines

– Where to go from here

Day 2 (Operating Systems/IoT):

– Introduction to Operating Systems

– Exploring Linux source code

– Building Linux

– Setting up Kernel Debugging

– Debugging the kernel

– Introduction to IoT

– Finding IoT firmware

– Extracting IoT firmware

– Finding points of interest in the filesystem

– Exploring the device dynamically

– Where to go from here

Day 3 (Virtualisation):

– Introduction to Virtualisation Internals

– Points of interest in Virtualisation

– Overview of VirtualBox source

– Overview of Qemu/KVM source

– Debugging VirtualBox and Qemu

– Generating test-cases using Linux drivers

– Where to go from here

(Bonus if there’s time – intro to VMWare Fusion reversing – tips on symbols, strings, and guest-to-host communication)