Ringzer0 COUNTERMEASURE25 Archive

Ottawa Conference and Event Center, Ottawa 🇨🇦 // November 3-7

COUNTERMEASURE25 Virtual Training

Windows Vulnerability Research - A CVE Guided Approach
Learn Windows vulnerability research techniques through a CVE-guided approach. Master patch diffing, reverse engineering, and vulnerability analysis using Ghidra SRE. Gain confidence and competence in systematically researching, analyzing, and exploiting complex Windows vulnerabilities.

INSTRUCTOR: John McIntosh // 32 Hours // Oct 26-30

QEMU Internals and Fuzzing: From IoT to iPhone
In QEMU Internals and Fuzzing: From IoT to iPhone, participants will learn about the fundamentals of emulation and fuzzing, how to emulate a custom device in QEMU from the ground up, and how to instrument it for fuzzing and vulnerability research.

INSTRUCTORS: Antonio Nappa, Eduardo Blazquez // 32 Hours // Oct 26-31

Exploiting the Linux Kernel
This training guides you through the field of Linux kernel exploitation. In a series of practical labs, the training explores the process of exploiting kernel bugs in a modern Linux distribution on the x86-64 architecture.

INSTRUCTOR: Andrey Konovalov @xairy // 32 Hours // Oct 26-31

Machine Learning for Reverse Engineers
In this course, students will gain the necessary hands-on experience, knowledge, and confidence to conduct automated program analysis at scale using machine learning.

INSTRUCTOR: Hahna Latonick // 32 Hours // Oct 25-28

Applied AI/LLM for Android APK Reversing and Analysis
This course covers AI-augmented static and dynamic analysis for Android apps. It includes modules on Jadx, Ghidra, Frida, and AI tools like GPT-4 and Claude. The course culminates in a hands-on project analysing a complex APK.

INSTRUCTORS: Guerric Eloi, Nabih Benazzouz // 16 Hours // Oct 27-30

COUNTERMEASURE25 In-Person Training

Practical iOS Reverse Engineering
This 4-day training will equip you with a toolbox of indispensable techniques and methods for diving into the world of hacking apps and discovering system internals on Apple’s mobile devices running on the latest iOS 19.

INSTRUCTOR: Jiska Classen // 32 Hours // Nov 3-6

Emulation and Fuzzing for Baseband Firmware
Over the 4 days of this training, you will learn how to reverse engineer mobile baseband firmware, create fuzzing harnesses, and find bugs via fuzzing!

INSTRUCTORS: Tobias Scharnowski, Marius Muench // 32 Hours // Nov 3-6

Apple iOS Forensics
This course addresses the challenge of examining Apple’s proprietary iOS ecosystem, a common target for sophisticated cyberattacks. You’ll learn foundational iOS security principles, practical forensic constraints, and methods and tools for extracting data in fully authorised forensic engagements.

INSTRUCTOR: Costin Raiu // 16 Hours // Nov 5-6

Everyday Ghidra: Intro to Windows Reverse Engineering and Vulnerability Research
This course teaches Ghidra usage, covering fundamental to advanced techniques with hands-on exercises on real-world Windows applications. It is designed for those with foundational Windows and security knowledge.

INSTRUCTOR: John McIntosh // 32 Hours // Nov 3-6

Windows Enterprise Incident Response
Led by Mandiant, this course teaches fundamental investigative techniques for responding to cyber threats, including rapid triage, identifying attack vectors, and investigating incidents.

INSTRUCTOR: Mandiant // 32 Hours // Nov 3-6

Black Hat Python For Hackers and Pentesters
This course is a companion to Black Hat Python, 2nd Edition, covering major subject areas through hands-on labs and exercises. It is beneficial for both seasoned and new Python programmers.

INSTRUCTOR: Karim Nathoo // 16 Hours // Nov 3-4

The ARM64 Exploit Laboratory
An ideal introduction to vulnerability exploitation on the 64-bit ARM Linux platform, spanning from ARM64 assembly all the way to ARM64 Return Oriented Programming (ROP). An ideal step up from the 32-bit ARM Exploit Laboratory.

INSTRUCTOR: Saumil Shah // 32 Hours // Nov 3-6

COUNTERMEASURE25 Conference Talks

KEYNOTE // Perri Adams, Former Special Assistant to the Director, DARPA

Keynote // 45 minutes

Three Buddy Problem: LIVE // Costin Raiu, Ryan Naraine, Juan Andrés Guerrero-Saade
A special live recording of The Three Buddy Problem podcast, where three industry veterans tackle the complex, the controversial, and the downright weird corners of infosec. Sharp insights, unfiltered takes, current threats, hacker culture, and what’s next for the security world.

Live Podcast // 1 hour

TALK: Best of the Worst: Misadventures in Bug Disclosure // Dustin Childs
A behind-the-scenes look at the wild, frustrating, and comical world of bug disclosures. From face-palm moments to vendor mishaps, this talk shares lessons, farces, and advice to improve how bugs are found, reported, and fixed.

Talk // 45 minutes

TALK: Buttercup and DARPA’s AI Cyber Challenge // Henrik Brodin, Ronald Eytchison
Trail of Bits’ Buttercup won $3M in DARPA’s AI Cyber Challenge, autonomously finding and patching 28 vulnerabilities. We’ll demo its open-source multi-agent system using static analysis and AI fuzzing, and share lessons on scaling AI-driven security.

Talk // 45 minutes

TALK: Dr SharePoint: How I Learned to Stop Worrying and Love the Vuln
On July 19th, 2025, Microsoft published two new critical CVEs, each with a CVSS score of 9.8, covering vulnerabilities in on-prem versions of SharePoint. Follow along as we pull on the thread and unravel a far-ranging campaign including over 40 custom malware samples never before described in public.

Talk // 45 minutes

TALK: CLFS Uncontained: Exploiting CLFS Without Touching the Log // Marco Ortisi, Ben Dumas
CVE-2025-29824 is a use-after-free in Windows CLFS that doesn’t require tampering with CLFS containers. We discuss the root cause, reliable triggers, how it leads to kernel-level privilege escalation, detection strategies and potential forensic artefacts to monitor in real-world environments.

Talk // 45 minutes

TALK: Behind the Kernel: 0days in Drivers and Windows Signed Exposed // Iván Cabrera, Adrián Díaz
In this talk, we reveal how we discovered over 30 exploitable Microsoft-signed Windows drivers, even on fully patched systems. We detail our reversing method and a flaw in the driver signing process that lets attackers create undetectable, validly signed driver variants.

Talk // 45 minutes

WORKSHOP: Supercharging Ghidra: Build Your Own Private Local LLM RE Stack with GhidraMCP, Ollama, and OpenWebUI // John McIntosh
Learn to build a private, modular RE stack with GhidraMCP, pyghidra-mcp, Ollama & OpenWebUI. This workshop shows how to set up local LLMs, integrate with Ghidra, and customize workflows—enabling offline, privacy-first analysis of malware, firmware & binaries.

Workshop // 2 hours

WORKSHOP: Reversing a (not-so-) Simple Rust Loader // Cindy Xiao
Rust can be challenging for even experienced reverse engineers. We will reverse a simple Rust malware loader found in the wild with obfuscated strings and a decoy payload, making it a good example for learning Rust reversing concepts like threads, dynamic dispatch, and type recovery.

Workshop // 2 hours
