3-DAY TRAINING 8 – Bughunting Bootcamp – Discovering 0day


CAPACITY: 20 pax


USD2199 (early bird)

USD2999 (normal)

Early bird registration rate ends on the 31st of May


Want to find zero days? write exploits? do some cool research? This intense three day, lab based, course will teach you the skills to find new security vulnerabilities, evaluate the root cause, assess impact, and write exploits to prove the existence of vulnerabilities in software. The course will cover both manual and automated vulnerability hunting in source code, web based software, compiled binaries and embedded systems. Additionally we will cover how to chain vulnerabilities together to achieve unauthenticated remote code execution, vendor notification, vulnerability disclosure and how to obtain a CVE. The training prioritizes real world vulnerabilities across several languages.

Key Learning Objectives

  • Upon completing this training, the student will have a good understanding of how and where to look for security flaws in software, using both automated and manual techniques.
  • The student will also be able to write exploits for several different vulnerability types.

Who Should Attend

The course is aimed at beginners and security professionals alike, with a variety of targets to practice zero day hunting skills, so the attendee will find something suitable for their skill level.

Prerequisite Knowledge

  • Students are expected to be somewhat familiar with the Linux command line
  • OWASP Top 10 & CWE-25.
  • Basic scripting knowledge is recommended, but not required.

Hardware / Software Requirements

  • Attendees must bring a laptop capable of running a virtual machine (vmware player, workstation or virtualbox) in order to complete this course

What Students Will Be Provided With

  • A certificate of completion of the training course.
  • Students will take home the training slides and material as well as the lab virtual machine.

Agenda – Day 1:

  • Theory and web application security
  • Choosing suitable targets
  • Static and dynamic analysis
  • Web application vulnerabilities and exploits

Agenda – Day 2:

  • Embedded and web vulnerabilities and exploits
  • Logic flaws
  • Chaining bugs in exploits
  • Bug hunting in embedded devices

Agenda – Day 3:

  • Memory corruption vulnerabilities and exploits
  • Shell code
  • Fuzzing
  • Triage
  • Writing memory corruption exploits
  • Dealing with disclosure
  • Conclusion

Location: TRAINING ROOMS Date: August 26, 2019 Time: 9:00 am - 6:00 pm Eldar “Wireghoul” Marcussen