Modern Memory Safety: C/C++ Vulnerability Discovery, Exploitation, Hardening
This repo contains the slides for a training course originally developed in 2012. It has been delivered to many students since its creation. It's sold out at the Black Hat USA conference several years in a row. The content has gone through many iterations based on feedback from those classes. The original training focused mainly on browser vulnerability discovery and exploitation. This latest version still focuses on that but also covers more topics such as custom memory allocators, hardening concepts, and exploitation at a high level.
This training would not have been possible without open source projects to study, or freely available texts from the security community. In fact, the security community is one of the best proponents of open source. I want to help continue that trend.
We all know a technical training course isn't about the slides. It's about hands on interaction with tech, discussion with fellow students and the instructor. The instructors experience with the topic is also very important. So these slides are only a piece of the experience of taking the course. So one of the best contributions you can make to this repo is notes and talking points for each slide. I have created a directory in this repo specifically for that. Pull requests for notes will be reviewed and accepted as often as possible.
Despite years of tweaking and updates, there will be mistakes in these slides. They were recently exported from Keynote and it took awhile to get the formatting back. There will also be technical mistakes that may need to be fixed. If you find any of these issues please report them to me on github or email me if you don't want to be identified.
Many of the students who have taken the course over the years are far smarter than I am. Their feedback was essential to this training.
Thanks to Yahoo for facilitating this open source release!
This training contains snippets of code from various open source projects. They are listed here along with their license.
- This training - Copyright Yahoo 2016 https://creativecommons.org/licenses/by-nc-sa/4.0/
- Apple iOS goto Fail - Apple Public Source License http://opensource.apple.com/license/apsl/
- OpenSSL - https://www.openssl.org/source/license.txt
- Nginx - 2 clause BSD http://nginx.org/LICENSE
- Mozilla Firefox - MPL https://www.mozilla.org/en-US/MPL/
- WebKit - GPLv2 https://webkit.org/licensing-webkit/
- Chrome - 3 clause BSD https://www.chromium.org/
- v8 - 3 clause BSD https://developers.google.com/v8/