The training will provide its students with:

knowledge on how to use tools to find vulnerabilities in native applications

give a hands-on experience in some exploitation techniques

 - Slack: Will be setup a week in advance to facilitate resolving of any technical issue

 cloud instance: guarantees same environment

This training is explicitly targeted at security professionals with some programming experience in C or C++.

Demystify exploitation, show that exploitation is a mindset, not a set of techniques

Demonstrate the motivation for mitigations in the platforms, languages and tools

Show that C++ and C are not easy to reason about

Teach the students to recognize constructs that have a higher risk of having vulnerabilities

Teach the students which tools can be used to find bugs

DAY 1 - FINDING VULNERABILITIES USING FUZZING

Exploitable: UB and Compiler Optimizations

DAY 2 - EXPLOITATION AND WRITING SHELLCODE

Exploit: Return Oriented Programming (ROP)

Training aimed at providing an introduction to finding and exploiting vulnerabilities in C and C++ applications.

Auth0

CyberRes

Elastic

Secure Code Warrior

Synopsys

NDC Security 2023

Clarion Hotel Oslo

Fortify

mend.io

SecureFlag

Veeam
Veeam® is the leader in Backup solutions that deliver Cloud Data Management™. Veeam provides a single platform for modernizing backup, accelerating hybrid cloud and securing your data. With 365,000+ customers worldwide, including 81% of the Fortune 500 and 66% of the Global 2,000, Veeam customer-satisfaction scores are the highest in the industry at 3.5x the average. Veeam’s global ecosystem includes 70,000+ partners, including HPE, NetApp, Cisco and Lenovo as exclusive resellers. Veeam was recently acquired by American Insight Partners and has offices in more than 30 countries. To learn more, visit https://www.veeam.com​ or follow Veeam on Twitter @veeam.​

Veeam

NDC Security Oslo 2024

Radisson Blu Scandinavia Hotel

Patricia Aas

Patricia Aas is an international speaker and has spoken at CppCon, ACCU, C++OnSea, NDC Security, NDC Oslo and many other conferences on subjects ranging from Sandboxing in Chromium to Vulnerabilities in C++. She has taught a range of subjects in Computer Science at the University of Oslo.

Patricia has a masters degree in Computer Science and 13 years professional experience as a programmer, most of that time programming in C++. During that time she has worked in codebases with a high focus on security: two browsers (Opera and Vivaldi) and embedded Cisco telepresence systems.

(In)Secure C++: Sec Edition

SECURE CODING PRACTICES IN C++

PRACTICAL INFORMATION

GOALS OF THE TRAINING

TWO-DAY TRAINING

DAY 1 - FINDING VULNERABILITIES USING FUZZING

DAY 2 - EXPLOITATION AND WRITING SHELLCODE