Security for Hackers and Developers

Paths

Security for Hackers and Developers

Author: Dr. Jared DeMott

Security for Hackers and Developers lays the foundation for anyone interested in creating secure software and systems, or anyone interested in hacking computer systems. Upon... Read more

What you will learn

  • The fundamentals of software security and a security-oriented development process
  • How and when to audit source code
  • How to use various fuzzing techniques
  • How to reverse compiled software using IDA Pro
  • How to detect and exploit bugs in software, including stack overflows, function pointer overwrites, off-by-ones, integer errors, uninitialized variable attacks, heap spraying, and ROP
  • How to detect and analyze exploit kits (EKs)
  • How to pull apart the malware payloads dropped by the initial exploit or EK

Pre-requisites

There are no required prerequisites for this path. Programming (specifically with C/C++/.asm) and information/cyber security knowledge and experience is helpful, but not necessary.

Beginner

The Security for Hackers and Developers: Overview course will teach you the fundamentals of software security and a security-oriented development process, and in doing so, provide the foundation for you to move to the intermediate courses which focus on code auditing, fuzzing, reverse engineering, and exploit development.

Security for Hackers and Developers: Overview

by Dr. Jared DeMott

Jan 26, 2016 / 1h 10m

1h 10m

Start Course
Description

Enterprises around the world have identified cyber security as a top concern. Security vulnerabilities leave companies open to hacking and security breaches. This course will teach you tools to fight against security vulnerabilities and attacks. You'll learn the fundamentals of software security and a security-centered software development process, where bugs typically live and how to find them, and specific techniques such as manual and automated code reviews. When you're finished with this training course, you'll understand the major security domains and have some ideas for securing your software that you can apply right away.

Table of contents
  1. Course Overview
  2. Introduction
  3. Understanding the Security Development Lifecycle - SDL
  4. Uncovering Security Bugs
  5. Using Static Analysis
  6. Pentesting Code: Learning from a Case Study

Intermediate

There are four technical skills required by security researchers, quality engineers, and developers concerned with software security: source code auditing, fuzzing, reverse engineering, and exploitation. With the understanding these four courses provide, you’ll be ready to move on to the advanced course in this path Advanced Malware Analysis: Combating Exploit Kits.

Security for Hackers and Developers: Code Auditing

by Dr. Jared DeMott

Aug 30, 2016 / 2h 3m

2h 3m

Start Course
Description

Bugs in software can be very expensive issues that can arise from not thoroughly testing and re-testing your code. In this course, Security for Hackers and Developers: Code Auditing, you will learn about manual code pentesting and all about how a professional code auditor finds bugs in code. You'll mainly be focusing on C/C++, but the high level ideas apply to all languages. By going deep into the weeds on C and C++ code, learners will appreciate the depth and experience required to audit this and any language code. First you'll learn about code auditing tools and techniques, as well has why memory corruption happens and how to prevent it. Then you'll learn all about the newer bug types such as use-after-free, type confusion, and kernel double fetch. You'll wrap up the course by learning about the real-world vulnerabilities like Heartbleed and other critical browser bugs. By the end this course, you'll know how to audit code with confidence. You'll know how to spot bugs, understand why they're important, and architect modern protections.

Table of contents
  1. Course Overview
  2. Exploring C Program Details Related to Security
  3. Auditing C Code
  4. Exploring C++ Program Details Related to Security
  5. Auditing C++

Security for Hackers and Developers: Fuzzing

by Dr. Jared DeMott

Dec 14, 2016 / 2h 9m

2h 9m

Start Course
Description

Bugs in software costs the economy billions of dollars each year. In this course, Security for Hackers and Developers: Fuzzing, you are going to turn the tide by learning how to find and fix critical bugs quicker. Hackers have long used a technique called fuzzing to find bugs and software makers must do the same. First, you'll learn about mutation and generation fuzzing. Next, you'll explore monitoring, parallel fuzzing, and in-memory fuzzing. Finally, the course will wrap up with you learning about feedback fuzzing. By the end this course, you'll know how to fuzz programs in multiple ways. You'll know the pros and cons of each technique, and be able to make wise choices for your security program.

Table of contents
  1. Course Overview
  2. Explaining Fuzz Testing
  3. Writing and Monitoring Mutation Fuzzers
  4. Using the Sulley Fuzzing Framework for Generation Fuzzing
  5. Learning the Peach Fuzzer
  6. Distributing Fuzz Test Cases
  7. Fuzzing APIs
  8. Fuzzing In-memory Code
  9. Learning Feedback Fuzzers: AFL and libFuzzer
  10. Applying Fuzzing Metrics

Security for Hackers and Developers: Reverse Engineering

by Dr. Jared DeMott

Mar 29, 2017 / 2h 4m

2h 4m

Start Course
Description

In the prior courses we learned there are 4 main techniques to secure code: design review, static analysis, manual audit, and dynamic (fuzz) testing. But, once the code is fielded, hackers will begin researching exploits against it. In this course, learn how and why compiled binaries are examined and scoured for weaknesses, and why reversing is also a required malware analysis skill and is sometimes needed for low-level developers working with undocumented APIs. After watching this course you'll be familiar all of the above and with the popular IDA pro tool and how to use it. Download the IDA pro demo to complete the labs.

Table of contents
  1. Course Overview
  2. Using IDA Pro to Reverse Code
  3. Learning x86 and Calling Conventions
  4. Understanding C-to-Assembly and Compiled Structures
  5. Patching a Compiled Binary
  6. Reversing C++
  7. Extending IDA with Scripts

Security for Hackers and Developers: Exploit Development

by Dr. Jared DeMott

Sep 26, 2017 / 1h 48m

1h 48m

Start Course
Description

With developers so overloaded, why should you prioritize security fixes? Because hackers are probably writing exploits against your product right now. You need to learn what that process entails to enable a deeper appreciation for the serious defenses needed. In this course, Security for Hackers and Developers: Exploit Development, you'll learn the ins and outs of how to write basic exploits. First, you'll explore control-flow hijacks such as function and return pointer overwrites. Next, you'll cover how to create and debug shellcode. Finally, you'll discover how to overcome common security mitigations using return-oriented programming (ROP). By the end of this course, you’ll know how to exploit programs with confidence, which gives you the skills to defend software, write exploits, or reverse engineer malware.

Table of contents
  1. Course Overview
  2. Auditing, Debugging, and Vulnerabilities
  3. Understanding a Function Pointer Overwrite
  4. Exploiting a Windows Server Using Shellcode
  5. Exploiting a Basic Browser Bug
  6. Applying Return-oriented Programming

Advanced

In the final course in this path, you'll draw on the knowledge and skills you’ve learned in order to analyze and detect an advanced form of malware, exploit kits.

Advanced Malware Analysis: Combating Exploit Kits

by Dr. Jared DeMott

Jun 9, 2016 / 2h 23m

2h 23m

Start Course
Description

Cyber-criminals are innovating faster than ever, and the cyber-crime industry caused the loss of hundreds of billions of dollars last year across the US and Europe alone. In this course, Advanced Malware Analysis: Combating Exploit Kits, you'll learn the skills you need to pull apart and analyze exploit kits (an advanced form of malware) with Dr. DeMott. First, you'll explore the tools and techniques you'll be using as well as analyze events collected by Bromium micro-VMs. Next, you'll work on unraveling the exploit kits--figuring out which ones were used, what they look like, how to decrypt them, and how to detect them in "the wild." Finally, you'll learn how to conduct safe dynamic analysis of these exploit kits, detect CNC communication, and share your analyses so that these problems can be remedied. By the end of this course, you'll not only have a better understanding of what exploit kits are and how to detect them, but you'll be able to analyze how they work and report them so that your data is safer than ever from cyber-crime.

Table of contents
  1. Course Overview
  2. Introduction
  3. Recognizing the Exploit Vector
  4. Unraveling Exploit Obfuscation
  5. Circumventing Exploit Kit Encryption
  6. Understanding Moving Target Communications
  7. Detecting Angler in the Wild
  8. Performing Safe Dynamic Analysis
  9. Analyzing Files Statically
  10. Reversing Malware with Debugging Tools
  11. Reversing Malware with IDA pro
  12. Customizing Reports: From Researchers to CISOs
Offer Code *
Email * First name * Last name *
Company
Title
Phone
Country *

* Required field

Opt in for the latest promotions and events. You may unsubscribe at any time. Privacy Policy

By providing my phone number to Pluralsight and toggling this feature on, I agree and acknowledge that Pluralsight may use that number to contact me for marketing purposes, including using autodialed or pre-recorded calls and text messages. I understand that consent is not required as a condition of purchase from Pluralsight.

By activating this benefit, you agree to abide by Pluralsight's terms of use and privacy policy.

I agree, activate benefit