Security for Hackers and Developers

Author: Dr. Jared DeMott

Security for Hackers and Developers lays the foundation for anyone interested in creating secure software and systems, or anyone interested in hacking computer systems. Upon...

Beginner

The Security for Hackers and Developers: Overview course will teach you the fundamentals of software security and a security-oriented development process, and in doing so, provide the foundation for you to move to the intermediate courses which focus on code auditing, fuzzing, reverse engineering, and exploit development.

1

Security for Hackers and Developers: Overview

by Jared DeMott

Jan 26, 2016 / 1h 9m

Beginner • 1h 9m

Description

Enterprises around the world have identified cyber security as a top concern. Security vulnerabilities leave companies open to hacking and security breaches. This course will teach you tools to fight against security vulnerabilities and attacks. You'll learn the fundamentals of software security and a security-centered software development process, where bugs typically live and how to find them, and specific techniques such as manual and automated code reviews. When you're finished with this training course, you'll understand the major security domains and have some ideas for securing your software that you can apply right away.

Table of contents
  1. Course Overview
    1m 28s
  2. Introduction
    14m 42s
  3. Understanding the Security Development Lifecycle - SDL
    17m 30s
  4. Uncovering Security Bugs
    10m 2s
  5. Using Static Analysis
    10m 4s
  6. Pentesting Code: Learning from a Case Study
    15m 43s

Intermediate

There are four technical skills required by security researchers, quality engineers, and developers concerned with software security: source code auditing, fuzzing, reverse engineering, and exploitation. With the understanding these four courses provide, you’ll be ready to move on to the advanced course in this path, Advanced Malware Analysis: Combating Exploit Kits.

2

Security for Hackers and Developers: Code Auditing

by Jared DeMott

Aug 31, 2016 / 2h 2m

Intermediate • 2h 2m

Description

Bugs in software can be very expensive issues that can arise from not thoroughly testing and re-testing your code. In this course, Security for Hackers and Developers: Code Auditing, you will learn about manual code pentesting and how a professional code auditor finds bugs in code. You'll mainly be focusing on C/C++, but the high-level ideas apply to all languages. By going deep into the weeds on C and C++ code, learners will appreciate the depth and experience required to audit code in this and any other language. First you'll learn about code auditing tools and techniques, as well as why memory corruption happens and how to prevent it. Then you'll learn all about the newer bug types such as use-after-free, type confusion, and kernel double fetch. You'll wrap up the course by learning about real-world vulnerabilities like Heartbleed and other critical browser bugs. By the end of this course, you'll know how to audit code with confidence. You'll know how to spot bugs, understand why they're important, and architect modern protections.

Table of contents
  1. Course Overview
    1m 37s
  2. Exploring C Program Details Related to Security
    29m 19s
  3. Auditing C Code
    36m 19s
  4. Exploring C++ Program Details Related to Security
    25m 19s
  5. Auditing C++
    30m 1s
3

Security for Hackers and Developers: Fuzzing

by Jared DeMott

Dec 14, 2016 / 2h 9m

Intermediate • 2h 9m

Description

Bugs in software cost the economy billions of dollars each year. In this course, Security for Hackers and Developers: Fuzzing, you are going to turn the tide by learning how to find and fix critical bugs quicker. Hackers have long used a technique called fuzzing to find bugs, and software makers must do the same. First, you'll learn about mutation and generation fuzzing. Next, you'll explore monitoring, parallel fuzzing, and in-memory fuzzing. Finally, the course will wrap up with you learning about feedback fuzzing. By the end of this course, you'll know how to fuzz programs in multiple ways. You'll know the pros and cons of each technique, and be able to make wise choices for your security program.

Table of contents
  1. Course Overview
    1m 33s
  2. Explaining Fuzz Testing
    25m 22s
  3. Writing and Monitoring Mutation Fuzzers
    15m 3s
  4. Using the Sulley Fuzzing Framework for Generation Fuzzing
    8m 39s
  5. Learning the Peach Fuzzer
    14m 19s
  6. Distributing Fuzz Test Cases
    14m 19s
  7. Fuzzing APIs
    8m 16s
  8. Fuzzing In-memory Code
    13m 23s
  9. Learning Feedback Fuzzers: AFL and libFuzzer
    19m 25s
  10. Applying Fuzzing Metrics
    9m 1s
4

Security for Hackers and Developers: Reverse Engineering

by Jared DeMott

Mar 29, 2017 / 2h 4m

Intermediate • 2h 4m

Description

In the prior courses we learned there are 4 main techniques to secure code: design review, static analysis, manual audit, and dynamic (fuzz) testing. But once the code is fielded, hackers will begin researching exploits against it. In this course, learn how and why compiled binaries are examined and scoured for weaknesses, and why reversing is also a required malware analysis skill and is sometimes needed for low-level developers working with undocumented APIs. After watching this course you'll be familiar with all of the above and with the popular IDA Pro tool and how to use it. Download the IDA Pro demo to complete the labs.

Table of contents
  1. Course Overview
    1m 38s
  2. Using IDA Pro to Reverse Code
    30m 35s
  3. Learning x86 and Calling Conventions
    23m 15s
  4. Understanding C-to-Assembly and Compiled Structures
    13m 22s
  5. Patching a Compiled Binary
    15m 24s
  6. Reversing C++
    17m 3s
  7. Extending IDA with Scripts
    22m 47s
5

Security for Hackers and Developers: Exploit Development

by Jared DeMott

Sep 26, 2017 / 1h 47m

Intermediate • 1h 47m

Description

With developers so overloaded, why should you prioritize security fixes? Because hackers are probably writing exploits against your product right now. You need to learn what that process entails to enable a deeper appreciation for the serious defenses needed. In this course, Security for Hackers and Developers: Exploit Development, you'll learn the ins and outs of how to write basic exploits. First, you'll explore control-flow hijacks such as function and return pointer overwrites. Next, you'll cover how to create and debug shellcode. Finally, you'll discover how to overcome common security mitigations using return-oriented programming (ROP). By the end of this course, you’ll know how to exploit programs with confidence, which gives you the skills to defend software, write exploits, or reverse engineer malware.

Table of contents
  1. Course Overview
    1m 36s
  2. Auditing, Debugging, and Vulnerabilities
    24m 25s
  3. Understanding a Function Pointer Overwrite
    13m 25s
  4. Exploiting a Windows Server Using Shellcode
    32m 10s
  5. Exploiting a Basic Browser Bug
    16m 41s
  6. Applying Return-oriented Programming
    19m 26s

Advanced

In the final course in this path, you'll draw on the knowledge and skills you’ve learned in order to analyze and detect an advanced form of malware, exploit kits.

6

Advanced Malware Analysis: Combating Exploit Kits

by Jared DeMott

Jun 9, 2016 / 2h 23m

Advanced • 2h 23m

Description

Cyber-criminals are innovating faster than ever, and the cyber-crime industry caused the loss of hundreds of billions of dollars last year across the US and Europe alone. In this course, Advanced Malware Analysis: Combating Exploit Kits, you'll learn the skills you need to pull apart and analyze exploit kits (an advanced form of malware) with Dr. DeMott. First, you'll explore the tools and techniques you'll be using as well as analyze events collected by Bromium micro-VMs. Next, you'll work on unraveling the exploit kits--figuring out which ones were used, what they look like, how to decrypt them, and how to detect them in "the wild." Finally, you'll learn how to conduct safe dynamic analysis of these exploit kits, detect CNC communication, and share your analyses so that these problems can be remedied. By the end of this course, you'll not only have a better understanding of what exploit kits are and how to detect them, but you'll be able to analyze how they work and report them so that your data is safer than ever from cyber-crime.

Table of contents
  1. Course Overview
    1m 19s
  2. Introduction
    16m 15s
  3. Recognizing the Exploit Vector
    15m 19s
  4. Unraveling Exploit Obfuscation
    13m 15s
  5. Circumventing Exploit Kit Encryption
    11m 1s
  6. Understanding Moving Target Communications
    8m 16s
  7. Detecting Angler in the Wild
    9m 20s
  8. Performing Safe Dynamic Analysis
    13m 8s
  9. Analyzing Files Statically
    13m 3s
  10. Reversing Malware with Debugging Tools
    18m 3s
  11. Reversing Malware with IDA Pro
    15m 38s
  12. Customizing Reports: From Researchers to CISOs
    8m 43s

What you will learn

  • The fundamentals of software security and a security-oriented development process
  • How and when to audit source code
  • How to use various fuzzing techniques
  • How to reverse compiled software using IDA Pro
  • How to detect and exploit bugs in software, including stack overflows, function pointer overwrites, off-by-ones, integer errors, uninitialized variable attacks, heap spraying, and ROP
  • How to detect and analyze exploit kits (EKs)
  • How to pull apart the malware payloads dropped by the initial exploit or EK

Pre-requisites

There are no required prerequisites for this path. Programming (specifically with C/C++/.asm) and information/cyber security knowledge and experience are helpful, but not necessary.
