Program Analysis for Vulnerability Research (5-Day course)

Want to be better at finding vulnerabilities? Want to automate common discovery patterns and build tooling to make you better at your job?  

This five-day course teaches sophisticated program analysis techniques and how to apply them to improve the auditing processes, improve your ability to identify interesting code paths, and to encode bug primitives for automated identification.

You will learn the basics of how to use Binary Ninja, and become familiar with many of the foundational program analysis theories and algorithms behind its analysis. You will also learn how to leverage the advanced analysis provided by Binary Ninja and how to extend it for your specific use cases. And in doing so, you will learn to perform advanced program analysis for vulnerability research across every architecture.

You'll learn from top researchers and developers from Margin RE and Vector 35.

• DATES: Oct 2 - Oct 6
• TIMES: 9am-5pm ET daily
• SYLLABUS: https://margin.re/training/
• LOCATION: Online (We'll be using Discord and Zoom)
• PREREQUISITES:
• You must be familiar with basic vulnerability classes such as stack-based buffer overflows, type confusion, sign extension vulnerabilities, etc.
• Basic to intermediate Python experience highly recommended. (Python 3.8+ used in exercises)
• Note that a non-commercial training license of Binary Ninja is included with the cost of the course, however a commercial-license if available does enhance some exercises.
• Most of the provided binaries are Linux-based, so students my wish to have a VM in which to run them.
• A laptop which can run Binary Ninja (Supported Platforms)