RUST SECURITY TRAINING

Rust Security
"For Hacker and Developers"

Rust is a strongly typed and safe systems programming language developed by Mozilla. Over the year, it has become the language of choice to build memory-safe programs while maintaining high performance at scale. Usually, Rust is used for files format and protocols parsers but also on critical projects like in the new high-performance browser engine, Servo.

However, coding using memory-safe language doesn’t mean the code will be bugs-free. Different kind of vulnerability like overflows, DoS, UaF, OOB, etc. can still be found and sometime exploited to achieve remote code execution (RCE).

This goal of this course is to give you all the prerequisites to understand which kind of vulnerability can be found inside Rust code. You will learn how to find low hanging fruits bugs manually and automatically using Rust auditing tools. Finally, you will discover how to build custom Rust fuzzers, triage/debug crashes and improve your code coverage using differents techniques.

Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.

On-site Training

WebAssembly & Rust onsite trainings are available at a location of your choice.

2 or 3 DAY COURSE OUTLINE

Customization is possible for onsite trainings. Schedule an onsite training at a location of your choice today.

Introduction to Rust
Security concepts & Ownership
Panicking macros
Error handling & Unwrapping
Unsafe codes
Attack surface discovery
Rust vulnerabilities & impacts
Uninitialized & Zeroing memory
Auditing tools

Setup fuzzers easily (libfuzzer, afl, honggfuzz)
Crashes Triaging
Structure-aware Fuzzing
Debugging / Bugs analysis
Code coverage
Corpus minimization
Sanitizers (ASAN, MSAN, …)
Symbolic execution
Vulnerability exploitation

CLASS REQUIREMENTS

Familiarity with Rust programming.
Familiarity with Linux.

A notebook capable of running virtual machines.
Enough hard disk space to run one VM.

Virtual machine (VirtualBox preferred).
Administrator / root access required.

CONTACT US

Onsite Training

We offer the world’s first WebAssembly Security training in 4 or 5 days format. We only provide 2 days Rust Security training. All our onsite trainings start at just 5 participants. Customization of the training is possible, but need to be request as soon as possible.

Check out the complete training content we can offer.