Below is my preliminary table of contents for Drudget's Auditor++ course and certification.
I don't think it's complete, and I'm interested in hearing what others think.
Drop me a line at drudget.com.au's contact form if you're interested in knowing more about the Auditor++ course or have some recommended topics you want to know more about.
Auditor++ Course/Certification
Security
- Smashing the stack (Phrack article by Aleph One)
- jmp/push opcode obfuscation technique
- Exploitable bug classes
  - stack and heap buffer overflows
  - integer overflows
  - off-by-one
  - double free
  - use after free
- Deadlocks and race conditions
- readelf and objcopy tools
- IFUNC redirection
- LD_PRELOAD exploits/rootkits
- Opcode overwriting hooking method
- Typical shell server (bind-shell)
- Writing shellcode (execve, bind shell, connect back shellcodes)
- strncpy (non-null termination) bugs
- Various other non-safe "standard C" function string bugs (strcpy, strcat, sprintf, etc)
- rand() random number generation (on non-Linux systems), and non-cryptographically secure PRNGs
Other coding
- Memory leaks
- Non-RAII leaks by exception handlers (C++)
- File descriptor leaks
Using auditing tools
- Drudget's C/C++ Flak Jacket and GCC's libasan (-fsanitize=address)
- Drudget's Garbage collector and Valgrind
- Boehm-GC
- Drudget's Deadlock detector and Helgrind
- GDB - debugging