Abstract

Topic: Reverse Engineering - A developer approach for protection against possible exploitation

Duration: 4 Hrs

Description: An organisation may have millions of lines of existing code and tens of millions of dollars of investment in its business based on those lines of code. It is not reasonable to expect that those millions of lines of code support applications can be redesigned securely from scratch in a cost-effective fashion. This talk will cover basic to intermediate techniques that systems and applications programmers can use to understand by debugging vulnerable binaries, writing new code securely, and finding and mitigating vulnerabilities in existing code. The session will cover:-
1) Basics of System & Programming
2) Developing your first C++ Program
3) Basics of Assembly and Debugging
4) Integer Overflow & Underflow Vulnerabilities
5) Format String Vulnerabilities
6) Stack Based Buffer Overflow
7) Race Conditions

Prerequisites of the attendees:
1) System/Laptop with good configuration to be able to run virtualisation
2) System/laptop must be based on intel Arch ( Windows, Linux or Mac)
3) Hypervisor or virtualisation software installed such as virtual box or VMware workstation
4) Preferably bring your device for the internet

Speaker

Farhad Sajid Barbhuiya

Farhad Sajid Barbhuiya is a passionate security professional with experience of around 5 years and delivering 2000+ hours of training at various organizations ranging from educational institutions to Govt. Organizations on topics such as Web & Mobile Application Security, Reverse Engineering, Exploit Development, Code Review etc. He is currently working as a Senior Security Analyst at Enciphers, where he works on penetration testing projects as well as creates and delivers training like Mobile Application Security (Android & iOS), Reverse Engineering, Web application security etc.

Timing

Starts at Saturday May 21 2022, 11:00 AM. The sessions runs for about 4 hours.

Resources