Training

Advanced technical training for security researchers, incident response handlers and exploit developers. Our hands-on workshops give your staff the skills to understand how modern attacks are developed and performed.

Our trainings are scheduled once enough people have indicated their interest in taking one. Fill out the form below if you are interested in taking a training offered by Trail of Bits.

| Available Trainings | Course Length | Register |
| --- | --- | --- |
| Windows Browser Exploitation ("Assured Exploitation") | 2, 3 or 5 days | Waiting List |
| Full-Spectrum Capture the Flag | 3 or 5 days | Waiting List |
| Ruby Security | 1 or 2 days | Waiting List |

I'm interested in a training with Trail of Bits!

If you would like to schedule a private training for your company or have any questions about the courses, please contact training@trailofbits.com. Receive announcements about our upcoming trainings by subscribing to our announcement list. If you would like to request help from your company to attend a training, we can help you get started.


Assured Exploitation

Many security professionals have experience with stack overflows and heap spraying, but these techniques are rarely sufficient when applied to modern systems. Reliable exploitation on Vista and Windows 7 systems requires advanced techniques such as heap layout manipulation, return-oriented programming and ASLR information leaks. This two-day intensive course focuses on teaching the principles behind these advanced techniques and will give students hands-on experience with real-world exploits.

Assured Exploitation is delivered by the security research team at Trail of Bits.


Full-Spectrum Capture the Flag

CTF competitions try to distill the essence of many aspects of professional computer security work into a single short exercise that is objectively measurable. The focus areas that CTF competitions tend to measure are vulnerability discovery, exploit creation, toolkit creation, and operational tradecraft. A modern computer security professional should be an expert in at least one of these areas and ideally in all of them. Therefore, preparing for and competing in CTF represents a way to efficiently merge discrete disciplines in computer science into a focus on computer security.

Full-Spectrum Capture the Flag is delivered by the security research team at Trail of Bits.


Ruby Security

In the last year, many new vulnerabilities and vulnerability classes have been discovered in Ruby applications. These vulnerabilities make use of features specific to the Ruby language and common idioms present in large Ruby projects, such as serialization and deserialization of data in the YAML format. As these vulnerability classes were initially discovered in popular and well-studied open source software, it’s extremely likely that they occur in applications throughout the Ruby ecosystem. These applications frequently represent lucrative targets for attackers, and with the appearance of new and easily exploitable bug classes, the potential for targeted and mass exploitation of Ruby programs has been demonstrated to the world. In this training, we aim to bridge a knowledge and skills gap by bringing information about these new vulnerability classes to software developers.

This training will cover the recent Ruby on Rails vulnerability classes and their root causes, and will include demonstrations and exercises in which students develop exploits for real-world vulnerabilities. Students will learn the patterns behind the vulnerabilities and develop software engineering strategies to avoid introducing vulnerabilities of this type into their projects.

Ruby Security is delivered by Hal Brodigan of Trail of Bits.