The Security for Hackers and Developers: Overview course will teach you the fundamentals of software security and a security-oriented development process, and in doing so, provide the foundation for you to move to the intermediate courses which focus on code auditing, fuzzing, reverse engineering, and exploit development.
Security for Hackers and Developers: Overview
Enterprises around the world have identified cyber security as a top concern. Security vulnerabilities leave companies open to hacking and security breaches. This course will teach you tools to fight against security vulnerabilities and attacks. You'll learn the fundamentals of software security and a security-centered software development process, where bugs typically live and how to find them, and specific techniques such as manual and automated code reviews. When you're finished with this training course, you'll understand the major security domains and have some ideas for securing your software that you can apply right away.
Table of contents
- Course Overview1m 28s
- Introduction14m 42s
- Understanding the Security Development Lifecycle - SDL17m 30s
- Uncovering Security Bugs10m 2s
- Using Static Analysis10m 4s
- Pentesting Code: Learning from a Case Study15m 43s
There are four technical skills required by security researchers, quality engineers, and developers concerned with software security: source code auditing, fuzzing, reverse engineering, and exploitation. With the understanding these four courses provide, you’ll be ready to move on to the advanced course in this path Advanced Malware Analysis: Combating Exploit Kits.
Security for Hackers and Developers: Code Auditing
Bugs in software can be very expensive issues that can arise from not thoroughly testing and re-testing your code. In this course, Security for Hackers and Developers: Code Auditing, you will learn about manual code pentesting and all about how a professional code auditor finds bugs in code. You'll mainly be focusing on C/C++, but the high level ideas apply to all languages. By going deep into the weeds on C and C++ code, learners will appreciate the depth and experience required to audit this and any language code. First you'll learn about code auditing tools and techniques, as well has why memory corruption happens and how to prevent it. Then you'll learn all about the newer bug types such as use-after-free, type confusion, and kernel double fetch. You'll wrap up the course by learning about the real-world vulnerabilities like Heartbleed and other critical browser bugs. By the end this course, you'll know how to audit code with confidence. You'll know how to spot bugs, understand why they're important, and architect modern protections.
Table of contents
- Course Overview1m 37s
- Exploring C Program Details Related to Security29m 19s
- Auditing C Code36m 19s
- Exploring C++ Program Details Related to Security25m 19s
- Auditing C++30m 1s
Security for Hackers and Developers: Fuzzing
Bugs in software costs the economy billions of dollars each year. In this course, Security for Hackers and Developers: Fuzzing, you are going to turn the tide by learning how to find and fix critical bugs quicker. Hackers have long used a technique called fuzzing to find bugs and software makers must do the same. First, you'll learn about mutation and generation fuzzing. Next, you'll explore monitoring, parallel fuzzing, and in-memory fuzzing. Finally, the course will wrap up with you learning about feedback fuzzing. By the end this course, you'll know how to fuzz programs in multiple ways. You'll know the pros and cons of each technique, and be able to make wise choices for your security program.
Table of contents
- Course Overview1m 33s
- Explaining Fuzz Testing25m 22s
- Writing and Monitoring Mutation Fuzzers15m 3s
- Using the Sulley Fuzzing Framework for Generation Fuzzing8m 39s
- Learning the Peach Fuzzer14m 19s
- Distributing Fuzz Test Cases14m 19s
- Fuzzing APIs8m 16s
- Fuzzing In-memory Code13m 23s
- Learning Feedback Fuzzers: AFL and libFuzzer19m 25s
- Applying Fuzzing Metrics9m 1s
Security for Hackers and Developers: Reverse Engineering
In the prior courses we learned there are 4 main techniques to secure code: design review, static analysis, manual audit, and dynamic (fuzz) testing. But, once the code is fielded, hackers will begin researching exploits against it. In this course, learn how and why compiled binaries are examined and scoured for weaknesses, and why reversing is also a required malware analysis skill and is sometimes needed for low-level developers working with undocumented APIs. After watching this course you'll be familiar all of the above and with the popular IDA pro tool and how to use it. Download the IDA pro demo to complete the labs.
Table of contents
- Course Overview1m 38s
- Using IDA Pro to Reverse Code30m 35s
- Learning x86 and Calling Conventions23m 15s
- Understanding C-to-Assembly and Compiled Structures13m 22s
- Patching a Compiled Binary15m 24s
- Reversing C++17m 3s
- Extending IDA with Scripts22m 47s
Security for Hackers and Developers: Exploit Development
With developers so overloaded, why should you prioritize security fixes? Because hackers are probably writing exploits against your product right now. You need to learn what that process entails to enable a deeper appreciation for the serious defenses needed. In this course, Security for Hackers and Developers: Exploit Development, you'll learn the ins and outs of how to write basic exploits. First, you'll explore control-flow hijacks such as function and return pointer overwrites. Next, you'll cover how to create and debug shellcode. Finally, you'll discover how to overcome common security mitigations using return-oriented programming (ROP). By the end of this course, you’ll know how to exploit programs with confidence, which gives you the skills to defend software, write exploits, or reverse engineer malware.
Table of contents
- Course Overview1m 36s
- Auditing, Debugging, and Vulnerabilities24m 25s
- Understanding a Function Pointer Overwrite13m 25s
- Exploiting a Windows Server Using Shellcode32m 10s
- Exploiting a Basic Browser Bug16m 41s
- Applying Return-oriented Programming19m 26s
In the final course in this path, you'll draw on the knowledge and skills you’ve learned in order to analyze and detect an advanced form of malware, exploit kits.
Advanced Malware Analysis: Combating Exploit Kits
Cyber-criminals are innovating faster than ever, and the cyber-crime industry caused the loss of hundreds of billions of dollars last year across the US and Europe alone. In this course, Advanced Malware Analysis: Combating Exploit Kits, you'll learn the skills you need to pull apart and analyze exploit kits (an advanced form of malware) with Dr. DeMott. First, you'll explore the tools and techniques you'll be using as well as analyze events collected by Bromium micro-VMs. Next, you'll work on unraveling the exploit kits--figuring out which ones were used, what they look like, how to decrypt them, and how to detect them in "the wild." Finally, you'll learn how to conduct safe dynamic analysis of these exploit kits, detect CNC communication, and share your analyses so that these problems can be remedied. By the end of this course, you'll not only have a better understanding of what exploit kits are and how to detect them, but you'll be able to analyze how they work and report them so that your data is safer than ever from cyber-crime.
Table of contents
- Course Overview1m 19s
- Introduction16m 15s
- Recognizing the Exploit Vector15m 19s
- Unraveling Exploit Obfuscation13m 15s
- Circumventing Exploit Kit Encryption11m 1s
- Understanding Moving Target Communications8m 16s
- Detecting Angler in the Wild9m 20s
- Performing Safe Dynamic Analysis13m 8s
- Analyzing Files Statically13m 3s
- Reversing Malware with Debugging Tools18m 3s
- Reversing Malware with IDA pro15m 38s
- Customizing Reports: From Researchers to CISOs8m 43s
What you will learn
- The fundamentals of software security and a security-oriented development process
- How and when to audit source code
- How to use various fuzzing techniques
- How to reverse compiled software using IDA Pro
- How to detect and exploit bugs in software, including stack overflows, function pointer overwrites, off-by-ones, integer errors, uninitialized variable attacks, heap spraying, and ROP
- How to detect and analyze exploit kits (EKs)
- How to pull apart the malware payloads dropped by the initial exploit or EK
There are no required prerequisites for this path. Programming (specifically with C/C++/.asm) and information/cyber security knowledge and experience is helpful, but not necessary.
Register for FREE. Get your Pluralsight IQ.
You’ll get unlimited access to adaptive skill assessments that help you validate your skills in as little as 5 minutes, and you'll get to see the Pluralsight platform first-hand.