Advanced Vulnerability Research
ACTP's most technical and challenging offering, designed for those who are looking to take their VR skills to the next level.Course Description
Written by a team of vulnerability research experts, this course will teach students how to find bugs such as use-after-free, type confusion, memory corruption, and logic bugs in software applications like web browsers and operating system kernels. Students will learn to find vulnerabilities using techniques such as fuzzing, symbolic execution, and code property graphs.
Prerequisites
• Strong programming skills in C and C++.
• Comfortable with reverse engineering software using IDA and Ghidra.
• Completed the Vulnerability Research and Exploitation module from a CNO Programmer course.
What You Will Learn
Daily Agenda
Day 1: Code Auditing and Foundational Bugs
A thorough review of auditing techniques across source and binaries. Learn to identify undefined integer operations and dangerous synchronization patterns that lead to exploitable bugs.
Day 2: Fuzzing and Type Confusion
Learn to use modern fuzzing tools like AFL++ to find vulnerabilities in target programs, including hands-on labs for network-based applications, and a deep dive into finding type confusion bugs.
Day 3: Advanced Fuzzing and Memory Corruption
Write custom fuzzing harnesses for hard targets, learn about fuzzing exotic interfaces like RPC, and use emulation engines like Unicorn and Frida. Gain a deep understanding of memory corruption bugs.
Day 4: Symbolic Execution
A deep dive into the cutting-edge concepts of symbolic execution from SAT/SMT solvers to intermediate representations. Write your own x86-64 symbolic execution engine and learn to use angr.
Day 5: Code Property Graphs & Final Exam
Combine abstract syntax trees, control flow graphs, and data flow graphs into code property graphs to find subtle vulnerabilities. Covers use-after-free and information disclosures, followed by the final exam.