Hunt your Zero-Days via Taint Analysis

After all progress in cyber protection mechanisms, we still hear such news as Twitter got hacked, Facebook accidentally released users' accounts,
which were stored as plain-text passwords for millions of users! Google has closed its social network platform after data leaks and some security concerns.
It seems hackers manage to perform more successful and sophisticated attacks every year, mostly by exploiting unknown software vulnerabilities and using new techniques.
As a result, cybercriminals can successfully steal the valuable information of millions of people.

In this workshop, I will introduce dynamic taint analysis (DTA) is a powerful technique that allows us to detect zero-day vulnerabilities in software binary files before being identified and exploited by hackers!
The DTA works based on monitoring dynamic executions during the runtime execution of a program. Precisely, in this technique, we taint sensitive data originating from external environments such as network,
file system, and external processes. Then we track these taints throughout the program execution, and finally, we try to prevent these taints from going to untrusted channels in insecure ways.

Then, I will teach you how to use DTA in practice in order to identify various programming vulnerabilities (e.g., remote code injection, SQL injection, cross-site scripting,
insecure deserialization, etc.) in software binaries and source codes, and how to enforce proper data flow policies to prevent sensitive information from being leaked in untrusted channels.

Make Your Own Cross-Platform Malware in Java for Fun not Profit!

In this workshop, you will practically learn how to build real-world Ransomware in Java that bypass conventional security systems (e.g., Antivirus) from Scratch. Moreover, we will learn how to analyze and protect yourself against deceptive and sophisticated ransomware with practical approaches.

+ Requirements

You should have a basic understanding of operating systems and networking.

+ What you'll learn?

Understanding differences between various categories of malware in real-world hacking such as ransomware, trojan, and keylogger in ethical hacking
Learning cryptography basics for ransomware design
Learning Java Basics required for ransomware design
Creating a basic cross-platform Ransomware Program that works on Windows, Linux, and macOS
Building an advanced Ransomware For Windows, Linux, and macOS
Learning how to hide your ransomware from standard protection tools such as antivirus engines
How To Setup A Sandbox Environment For Malware Analysis
Analyzing ransomware by static code Analysis
Analyzing ransomware by call-graph technique
Analyzing ransomware by dynamic taint tracking
How to remove ransomware from your system