"For Hackers and Developers"
Rust is a strongly typed and safe systems programming language developed by Mozilla. Over the years, it has become the language of choice for building memory-safe programs while maintaining high performance at scale. Rust is usually used for file format and protocol parsers, but also in critical projects such as the new high-performance browser engine, Servo.
However, coding in a memory-safe language doesn't mean the code will be bug-free. Different kinds of vulnerabilities, such as overflows, DoS, UaF, OOB, etc., can still be found and sometimes exploited to achieve remote code execution (RCE).
The goal of this course is to give you all the prerequisites to understand which kinds of vulnerabilities can be found inside Rust code. You will learn how to find low-hanging-fruit bugs manually and automatically using Rust auditing tools. Finally, you will discover how to build custom Rust fuzzers, triage and debug crashes, and improve your code coverage using different techniques.
Throughout this training, students will work through many hands-on exercises that allow them to internalize the concepts and techniques taught in class.
2 - 3 DAY COURSE OUTLINE
Customization is possible for online/onsite trainings. Schedule an onsite training at a location of your choice today.
Day 1 – Understand Rust security
- Introduction to Rust
- Security concepts & Ownership
- Panicking macros
- Error handling & Unwrapping
- Unsafe code
- Attack surface discovery
- Rust vulnerabilities & impacts
- Uninitialized & Zeroing memory
- Auditing tools
Day 2 – Rust vulnerability research & Fuzzing
- Set up fuzzers easily (cargo-fuzz, afl-rs, honggfuzz-rs)
- Crash triaging
- Structure-aware Fuzzing
- Debugging / Bugs analysis
- Code coverage
- Grammar-based Fuzzing
- Corpus minimization
- Sanitizers (ASAN, MSAN, …)
- Symbolic execution
- Vulnerability exploitation
- Familiarity with Rust programming.
- Familiarity with Linux.
- SKILL LEVEL: BEGINNER / INTERMEDIATE
- A working laptop capable of running virtual machines
- 4GB RAM required, at a minimum
- 40 GB free hard disk space
- Administrator / root access MANDATORY