Software (both managed and native code) has been plagued by security errors for a long time. To combat that reality, security researchers, software quality assurance/test engineers, developers, and software managers need to acquire 6 critical skills for continuous bug hunting and repair (or exploitation): SDL, System Investigation, Static Analysis (open source and commercial), Dynamic Analysis (Burp and Fuzzers), Manual Code Auditing (source and with IDA/reversing), and PoC/Repair (ROP exploits, etc.). Each of these domains is covered in detail in this mature course. As a bonus, students will leave with homework content, so they can continue pushing their abilities well beyond the duration of the course.
There are no hard prerequisites, but it is helpful to have a college degree in a computer-related discipline or equivalent work experience. Programming experience will help, but you will still get a lot out of the course even if you lack that, so no fears. All questions are good questions in VDA classes. We have a fun but instructive and intense learning experience. You won't walk away disappointed.
What Students Should Bring
Students are required to provide a laptop for the course. You need admin rights on the laptop. Your laptop should have a USB port, at least 60GB of free HD space, 6GB+ of RAM, and VMware Fusion for the Mac or Workstation/Player for Windows/Linux. VMware should be installed ahead of time, or you’ll spend a bit of class time doing that.
What Students Will Be Provided With
You will be given a Windows 10 VM. Copy the VM to your disk drive, and pass the portable media to your neighbor. You will need a normal USB port (bring an adapter if you have the newer/smaller USB-C) and an OS that can read an exFAT file system thumb drive. (Most Mac and Windows systems have that, but with Linux, check for the driver.) You may not share course media with non-students.
Dr. Jared DeMott, @jareddemott
Dr. Jared DeMott has been training at conferences like Black Hat and DerbyCon for over 12 years. He’s the founder of VDA Labs, and previously served as a vulnerability analyst with the NSA. He holds a PhD from Michigan State University. He regularly speaks on vulnerabilities at conferences like RSA, ToorCon, GrrCon, HITB, etc. He was a finalist in Microsoft’s BlueHat prize contest, which helped make Microsoft customers more secure. Dr. DeMott has been on three winning Defcon capture-the-flag teams, and has been an invited lecturer at prestigious institutions such as the United States Military Academy. Jared is also a Pluralsight author, and is often quoted online and has made TV appearances.
John Stigerwalt, @jstigerwalt1
John Stigerwalt is a cyber security engineer who is experienced in penetration testing, application auditing, social engineering, exploit development, and reverse engineering. He has spent many years protecting financial organizations from evolving threats, and is very passionate about improving organizations' security. John is always striving to better himself by enhancing his security knowledge. He believes in contributing to the security community with new security findings and helping others learn as well. John holds the OSCE, OSCP, and SLAE certifications.