Member Log in
Dr. Tommy Morris, UAH
Join us for our annual Fall Luncheon and take advantage of networking opportunities. Registration begins at 11:30 AM with a lunch buffet. At noon, we welcome our guest speaker, Dr. Tommy Morris.
Quietly putting together a world class Cyber operation, and Dr. Tommy Morris will provide us a comprehensive update on the many things that UAH is doing in Cyber, including details on the development of their new Cyber Security Center.
Please be sure to reserve your spot at the luncheon!
Software (both managed and native code) has been plagued by security errors for a long time. To combat that reality, security researchers, software quality assurance/test engineers, developers, and software managers need to acquire 6 critical skills for continuous bug hunting and repair (or exploitation): SDL, System Investigation, Static Analysis (open source and commercial), Dynamic Analysis (Burp and Fuzzers), Manual Code Auditing (source and with IDA/reversing), and PoC/Repair (ROP exploits, etc). Each of these domains is covered in detail in this mature course. As a bonus, students will leave with homework content, so they can continue pushing their abilities, well beyond the duration of the course.
https://www.eventbrite.com/e/application-security-for-hackers-and-developers-tickets-65685610429
TRAINERS:
Dr. Jared DeMott (@jareddemott) has been training at conferences like Black Hat and DerbyCon for over 12 years. He’s the founder of VDA Labs, and previously served as a vulnerability analyst with the NSA. He holds a PhD from Michigan State University. He regularly speaks on vulnerabilities at conferences like RSA, ToorCon, GrrCon, HITB, etc. He was a finalist in Microsoft’s BlueHat prize contest, which helped make Microsoft customers more secure. Dr. DeMott has been on three winning Defcon capture-the-flag teams, and has been an invited lecturer at prestigious institutions such as the United States Military Academy. Jared is also a Pluralsight author, and is often quoted online and has made TV appearances.
John Stigerwalt (@jstigerwalt1) is a cyber security engineer who is experienced in penetration testing, application auditing, social engineering, exploit development, and reverse engineering. He has spent many years protecting financial organizations from evolving threats, and is very passionate about improving organizations security. John is always striving to better himself by enhancing his security knowledge. He believes in contributing to the security community with new security findings and helping others learn as well. John holds the OSCE, OSCP, and SLAE certifications.
Day 1: Managed, C/C++, and Fuzzing
8am - 8:30am
Handout Material
· Pass around Thumb drives for VM Setup
8:30am - 10:00am
Part 1 - Managed Code/Web Vulns
Lab 1 - iSpyCentral Architecture Review and Reversing
· Can start looking at before class even kicks off if your VM is ready
Lecture 1: SDL and Product Security Testing
· Lab 2 - iSpyCentral Key Exploit
· Lab 3 - SAST iSpy
10:00am - 10:15am
Break 1 - Coffee/snacks
10:15am - 12pm
Continue working on first 5 labs
· Lab 4 - DAST iSpy
· Lab 5 - iSpyCentral RCE
12:00pm - 1:00pm
Lunch - On your own
1:00pm - 3pm
Part 2 - Unmanaged/Native Code Vulnerabilities
Lecture 2: Auditing C and C++
· Lab 6 - Basic C Bugs
· Lab 7 - UV Investigation
· Lab 8 - Warm up with C++
· Lab 9 - Basic C++ Bugs
3pm - 3:15pm
Break 2 - Coffee/snacks
3:15pm - 5pm
Lecture 3: Fuzzing
· Pydbg Demo
· Lab 10 - Peach fuzzer (file fuzzing)
· Lab 11 - In-memory fuzzing
Day 2: Finish Fuzzing, Reversing, and Native Exploits
Work on anything from yesterday
Ask questions about specific things
Lecture 3: Modern Fuzzing
Lecture 4: Reversing C and C++
10:30am - 10:15am
10:15am - 12:00pm
Keep Reversing
· Lab 14 - Med Crackme
· Lab 15 – Patcher
· Lab 16 - C++
Last Reversing Lab
· Lab 17 - Scripting
Lecture 5: Exploiting Native Programs
· Lab 18 - Function Pointer Overwrite
· Lab 19 - Windows Server Exploit
· Lab 20 - ROP
Student Requirements
No hard prerequisites, but helpful to have a college Degree in a computer related disciple or equivalent work experience. Programming experience will help, but you will still get a lot out of the course even if you lack that, so no fears. All questions are good questions in VDA classes. We have a fun but instructive and intense learning experience. You won't walk away disappointed.
What Students Should Bring
Students are required to provide a laptop for the course. You need admin rights on the laptop. Your laptop should have a USB port, at least 60GB of free HD space, 6GB+ of RAM, and VMware Fusion for the Mac or workstation/player for Windows/Linux. Vmware should be installed ahead of time, or you’ll spend a bit of class time doing that.
What Students Will Be Provided With
You will be given a Windows 10 VM. Copy the VM to your disk drive and pass the portable Media to your neighbor. You will need a normal USB port (bring an adapter if you have the newer/smaller USB-C) and an OS that can read an ExFat file system thumb drive. (Most Mac and Windows have that, but with Linux, check for the driver.) You may not share course media with non-students.
Homes For Our Troops Huntsville Classic!
Hosted by ITSC Secure Soutions
The Homes For Our Troops (HFOT) Huntsville Classic is a golf tournament taking place November 4, 2019 at the Huntsville Country Club, Huntsville, AL. 100% of the proceeds from this event will be used to help HFOT continue their mission of building and donating specially adapted custom homes for severely injured post-9/11 Veterans, nationwide.
We need your support!
Single player = $130
Foursome Plus Hole Sponsorship = $500
Sponsorships start at $150
Register Today:
https://www.itsc-ss.com/homes-for-our-troops-huntsville-classic/
© Cyber Huntsville
PO Box 11971 , Huntsville, AL 35814
events@cyberhuntsville.org
