June 20-22, 2017 | Donostia - San Sebastian


Bug hunting bootcamp | Discovering 0day - Eldar Marcussen

The term zero day can be frightening to most in the IT and information security business, but for bug hunters it is just another bug where the vendor hasn't been notified yet, or future rewards from bug bounty programs. This intense three day lab based course will teach you how to find these bugs, evaluate root cause, assess impact and write exploit to prove zero day vulnerabilities in software. The course will cover both manual and automated vulnerability hunting in web applications, embedded devices and compiled binaries. Additionally we will cover how to chain bugs together to achieve unauthenticated remote code execution, vendor notification, vulnerability disclosure and how to obtain a CVE. The training prioritizes real world vulnerabilities across several languages.

Audience and prerequisites:
The course is aimed at beginners and security professionals alike, a variety of targets to practice bug hunting skills on the participant can find something suitable for their skill level.

    • Students are expected to be somewhat familiar with the Linux command line as well as OWASP Top 10 & CWE-25
    • Basic scripting knowledge is recommended, but not required.
    • Students must be able to run a VMWare virtual machine (vmware player or workstation) to complete this course.

Course duration, format and materials:
Three days training.

    • Students will take home the training slides and material as well as the lab virtual machine.
    • Upon completing this training, the student will have a good understanding of how and where to look for security flaws in software, using both automated and manual techniques.
    • The student will also be able to write exploits for the common bug classes covered by the training.
    • A certificate of completion of the training course.

Other considerations:

    • Coffee breaks and lunch included
    • Training language: English
    • Training materials
    • Students need to bring their own laptop
    • Free admission to EuskalHack Security Congress (Two days Coffee breaks and lunch included)
    • Please note: Course will be cancelled if the minimum of 4 students do not enroll

About the trainer:

Eldar is a penetration tester and security researcher with HackLabs where he performs redteaming, and other pentests. He is also an assessor for CREST Australia. He has worked closely with bugcrowd in the past and was a recipient of the first CVE 10K candidate numbers. In addition to finding vulnerabilities he contributes to and maintain several open source projects—in his spare time—aimed at web application security and penetration testing. These include graudit, doona, lbmap, dotdotpwn, nikto and more.

Detailed training course agenda:

      DAY 1
    • Bug hunting approaches and theory
    • Choosing suitable targets
    • Static and dynamic analysis
    • Web application bugs and exploits

    • DAY 2
    • Chaining bugs
    • Web application bugs and exploits
    • Bug hunting in embedded devices

    • DAY 3
    • Binary bugs and exploits
    • Automation
    • Dealing with disclosure
    • Conclusion