
Code Review: May 4 - 7

Code Review walks students through the process of discovering 0-days in systems software using manual code review. We'll walk students through numerous cases of undefined and platform-specific behavior in C that can be leveraged by attackers. We'll look at every part of the C language, with numerous real-world examples of bugs found by the trainer, including bugs in Apache, the Linux, FreeBSD, and OpenBSD kernels, VirtualBox, QEMU, glibc and more. As well as manual code review, we'll look at ways to automate bug discovery using fuzzing and static analysis. Moreover, time will be spent on relating C memory corruption heap bugs to current exploitation techniques on the Linux heap allocator, ptmalloc2. Finally, we will look at coding recommendations and ways to prevent, fix, and secure buggy C code.

Skills / Knowledge

  • PenTesting
  • AppSec

Issued on

May 7, 2021

Expires on

Does not expire