This class teaches you how to disassemble binaries, read x86-64 assembly language, and debug black-box binaries in WinDbg and GDB. This knowledge of assembly is the fundamental skill which is required to learn reverse engineering and vulnerability exploitation. Reverse engineering is in turn a fundamental skill which is required for malware analysis and vulnerability hunting.

Dual-purpose class: This class teaches developers how to avoid writing implementation flaws, or detect ones that are already in their code...but it also teaches vulnerability-hunters how to find the flaws as well! So it's an epic battle between contentious developers and devious vulnerability hunters! Who will win?! Whoever most takes the lessons of this class to heart!

Over three-dozen CVE writeups!

This class serves as a prerequisite for a future class that will add examples on uninitialized data access, race conditions, use-after-free, type confusion, and information disclosure vulnerabilities.

This class is designed to give you all the background you need to understand how x86-64 firmware (aka UEFI BIOS) works, and what the most common security misconfigurations are. It will prepare you to be able to read and understand the existing attack and defense research in the space, taking an explicit walk through of the attack and defense moves and counter-moves threat tree. And as always, this classes teaches you to be comfortable with Reading The Fun Manual (RTFM!) to go seek out the most accurate details of how things work, and to see out new problems in new areas that no one's read yet with a security mindset.

Dual-purpose class: This class teaches developers how to avoid writing implementation flaws, or detect ones that are already in their code...but it also teaches vulnerability-hunters how to find the flaws as well! So it's an epic battle between contentious developers and devious vulnerability hunters! Who will win?! Whoever most takes the lessons of this class to heart!

Over three-dozen CVE writeups!

This class treats the material from C/C++ Implementation Vulnerabilities Part 1 as a prerequisite.

This is the combination class that lets you take any of the material(!) from the x86-64 Assembly, x86-64 OS Internals, x86-64 Intel Firmware Attack & Defense, C/C++ Implementation Vulnerabilities Part 1 and C/C++ Implementation Vulnerabilities Part 2 classes at your own pace, but with full instructor support.

RISC-V is the new hotness! It's going to take over the world! (Or is it? It is!) But what is RISC-V, and why should you care?

RISC-V is an open source Instruction Set Architecture (ISA). Or, in reality, a small, tight-nit family of ISAs and ISA extensions. The multiple ISAs allow it to be modular and be cut down to work for a 32-bit embedded system, or scaled up for a 64-bit desktop system.

But it's the open-source aspect of RISC-V which is what will make it take over. In a world where many embedded device makers use ARM ISAs, but have to pay ARM a licensing fee, what company wouldn't want to investigate making their chips without paying licensing fees to ARM, or Tensilica, or others? E.g. in 2022 Espresiff indicated they'll be using RISC-V exclusively for all future chips. So in the same way that Linux found some clearly beneficial early niches, and kept expanding from there, RISC-V has begun to find its niches, and natural market forces will cause it to continue expand.

This class teaches you how to disassemble binaries, read RISC-V assembly language, and debug black-box binaries in GDB. This knowledge of assembly is the fundamental skill which is required to learn reverse engineering and vulnerability exploitation. Reverse engineering is in turn a fundamental skill which is required for malware analysis and vulnerability hunting.

This class teaches you about the fundamental hardware mechanisms which all operating systems, virtualization systems, and firmware *must* interact with in order to run successfully on x86 hardware. For instance it teaches you what an OS, virtualization, or firmware must do to separate user code (ring 3) from kernel code (ring 0). Or how they can enforce non-executable memory to make vulnerability exploitation more difficult. This is taught in a *mostly* OS-agnostic way focusing on Intel-isms rather than OS-isms (albeit with using Windows as reinforcement, thanks to its excellent kernel-level debugging support.) This class also teaches you to be comfortable with Reading The Fun Manual (RTFM!) to give you self-sufficiency when seeking out the most accurate details of how things work.