(In)Security in C++

C++ Security NDC TechTown

The course teaches C++ developers fundamental concepts from Exploit Development and Reverse Engineering, and uses these concepts to demonstrate common vulnerabilities in C++ codebases. This background helps the students view their code from an attacker's perspective. They develop a sense of what common vulnerable constructs in C++ look like, and learn which tools can help them find different types of vulnerabilities in their existing codebases.

Attendees can expect to gain

  • A basic understanding of the mindset of an exploit developer
  • An understanding of assembly
  • Good grasp of tooling that can be used to find vulnerable constructs
  • Good idea of things to look for in code reviews
  • Good overview of Secure Coding Practices in C++

Secure Coding Practices

The Secure Coding Practices taught are largely based on the C++ Core Guidelines, the Common Weakness Enumeration (CWE) and the SEI CERT Coding Standards for C++.

Prerequisites

The attendees are assumed to be proficient in C++.

Modules

  1. Introduction and what specs exist?
  2. Undefined Behavior & Compiler Optimizations
  3. The anatomy of a Stack Buffer Overflow shellcode (on Linux)
  4. Exploration of simple Exploitation Techniques
  5. Introduction to Compilers, Static Analysis, Sanitizers and Fuzzers
  6. Exploitable Programming Constructs: Memory I
  7. Exploitable Programming Constructs: Memory II
  8. Exploitable Programming Constructs: Numbers
  9. Secure Programming Practices in C++: Prefer C++ to C
  10. Secure Programming Practices in C++: Resource Management
  11. Secure Programming Practices in C++: Avoid the Pitfalls
  12. Secure Programming Practices in C++: Functionality
  13. Insecure Coding 101

Vulnerabilities

  1. Stack Buffer Overflow (CWE-121)
  2. Heap Buffer Overflow (CWE-122)
  3. Buffer Underflow (CWE-124)
  4. Use After Free (CWE-416)
  5. Double Free (CWE-415)
  6. Unsigned Integer Wraparound (CWE-190)
  7. Signed Integer Overflow (CWE-190)
  8. Numeric Truncation (CWE-197)
  9. Incorrect Type Conversion (CWE-704)
  10. Uncontrolled Format String (CWE-134)

Tools and Techniques

  • Exploitation: Stack Overflow Exploit, Return Oriented Programming and Format String Exploit
  • Vulnerability Mitigation: Static Analysis, Warnings, Sanitizers and Fuzzers
  • Platform Mitigation: Stack Canaries, Address Space Layout Randomization (ASLR), Non-executable memory

Time

09:00 - 17:00