Trainings

We provide IT security trainings, tailor-made for our customers as well as a number of common trainings covering a number of areas.

The following sections provide an overview of our trainings. In case you are interested in a more custom training, please feel free to get in touch.

All trainings contain interactive exercises, which enable the participants to approach the course contents from a practical side. The trainings are held online via video conferencing.

The following ready-made trainings are currently available:

• Secure Coding in C/C++
• Reverse Engineering Basics
• Basics of Using Symmetric Cryptography

In case you are interested in one of our training offers, please feel free to get in touch with us. The training schedule depends on the number of possible participants.

Secure Coding in C/C++

Modern programming languages almost exclusively are considered memory-safe and thus are protected from various software bugs and vulnerability classes. However, memory safety vulnerabilities are to this day the standard for software attacks and will be a major issue for decades to come as memory-unsafe languages such as C and C++ are still used in even most critical software such as operating systems, browsers or embedded devices.

This course focuses on the C and C++ programming languages mostly memory-related vulnerability classes with the aim to introduce concepts and patterns to be applicable and useful for all software developers with fundamental knowledge of low-level programming languages and computer architecture. While exploitation is not a focus of this course, this course briefly outlines potential exploits to develop an understanding why certain practices are insecure.

On key concept of this course is to be highly interactive, offering a wide range of real-world examples and challenges to help students to identify and avoid memory safety issues with confidence.

Course Content

This two-day workshop covers the following subjects:

• Memory Corruption Issues
• Buffer Overflows
• Stack-based Problems
• Heap-based Problems, including
  • Use-after-Free
  • Double Free
• Arithmetic Problems
• Format String Bugs
• String Handling in C vs. C++
• Use of Uninitialized Memory
• Missing Return Value Checks
• Concurrency-Related Problems
• Hardware-Related Issues
• Branch Prediction Problems
• Cache (timing) Issues
• Processor Quirks (if applicable)
• Hardware Exploit Mitigation Mechanisms
• Thinking about Security in Development

Who should attend

Software developers, researchers and IT-security specialists seeking to understand, identify and avoid memory-related software vulnerabilities

Pricing

We’re charging a total of €850.00 (VAT excluded) per seat for this two-day training.

Reverse Engineering Basics

Have you ever wondered if humans could comprehend binary code, just as computers seem to do? This intuition is correct even though it is not an easy task. Attend this training to dive into the world of the static and dynamic analysis of compiled binaries without available source code.

The primary focus of this course is Win32 and Linux. However, the learned techniques should apply to other areas as well. While a fundamental understanding of the C programming language is necessary, participants do not need to be specialists in the language. Moreover, although x86 assembly is briefly introduced, having an elementary understanding is advantageous.

This highly interactive course offers a wide range of challenges where you can put your newly acquired knowledge to use and understand what to look for when analyzing unknown binary files.

Course Content

Among other topics, the three-day training covers the following subjects:

• A brief introduction to x86 assembly and operating systems
• Compiler idioms and calling conventions
• Introduction to different tools like: IDA Disassembler/Debugger, GDB, x32dbg/x64dbg, API Monitor, Frida, NASM
• Analyzing different non-cooperative programs (malware, obfuscation, packers, …)
• Studying multiple shellcodes
• Patching compiled binary files
• Optional: Introduction to other architectures like ARM

Who should attend

IT-related professionals or enthusiasts seeking to gain hands-on experience in reverse engineering and malware analysis

Pricing

We’re charging a total of €1050.00 (VAT excluded) per seat for this three-day training.

Basics of Using Symmetric Cryptography

Cryptography is one of the central building blocks of secure software solutions. However, it is not always obvious how to correctly use cryptographic primitives and protocols. In this course we will discuss a number of common problems when using symmetric cryptographic primitives.

This serves the purpose of obtaining a better understanding of why certain practices are recommended, and the possible consequences of potential design or implementation issues. The focus of this introductory course will be on symmetric cryptography (i.e., on block ciphers and their modes, hash functions, MACs etc.).

The course is not a lecture, but rather an interactive event. It contains a number of hands-on exercises and challenges, where you can put your knowledge to use.

Course Content

This two-day training covers the following subjects:

• Brief introduction to symmetric cryptography
• Considerations regarding “classic” block cipher modes
• Issues arising from using ECB
• Potential problems related to CBC (e.g., padding oracle issues)
• Considerations regarding modern modes such as GCM
• Hash Functions and MACs
• Collisions and their consequences
• Length-extension issues in bad MAC constructions
• Random Number Generators

The focus of this course will not be to develop or mount attacks on existing cryptographic primitives (such as AES). Rather, it will be on obtaining a better understanding of security vulnerabilities emerging from incorrect use of such primitives.

Who Should Attend

IT-related professionals or enthusiasts seeking to gain hands-on experience in basic cryptographic vulnerabilities

Pricing

We’re charging a total of €850.00 (VAT excluded) per seat for this two-day training.