"For Hackers and Developers"
Rust is a strongly typed and safe systems programming language developed by Mozilla. Over the years, it has become the language of choice to build memory-safe programs while maintaining high performance at scale. Usually, Rust is used for file format and protocol parsers, but also in critical projects such as the new high-performance browser engine, Servo.
However, coding in a memory-safe language doesn't mean the code will be bug-free. Different kinds of vulnerabilities like overflows, DoS, UaF, OOB, etc. can still be found and sometimes exploited to achieve remote code execution (RCE).
The goal of this course is to give you all the prerequisites to understand which kinds of vulnerabilities can be found inside Rust code. You will learn how to find low-hanging-fruit bugs manually and automatically using Rust auditing tools. Finally, you will discover how to build custom Rust fuzzers, triage/debug crashes and improve your code coverage using different techniques.
Throughout this training, students will work through lots of hands-on exercises allowing them to internalize the concepts and techniques taught in class.
2 - 3 DAY COURSE OUTLINE
Customization is possible for onsite trainings. Schedule an onsite training at a location of your choice today.
Introduction to Rust
Security concepts & Ownership
Error handling & Unwrapping
Attack surface discovery
Rust vulnerabilities & impacts
Uninitialized & Zeroing memory
Setup fuzzers easily (cargo-fuzz, afl-rs, honggfuzz-rs)
Crashes Triaging
Structure-aware Fuzzing
Debugging / Bugs analysis
Code coverage
Grammar-based Fuzzing
Corpus minimization
Sanitizers (ASAN, MSAN, …)
Symbolic execution
Vulnerability exploitation
- Familiarity with Rust programming.
- Familiarity with Linux.
- SKILL LEVEL: BEGINNER / INTERMEDIATE
- A working laptop capable of running virtual machines
- 4GB RAM required, at a minimum
- 40 GB free Hard disk space
- Administrator / root access MANDATORY