(In)secure C++ Training with Patricia Aas
— November 23, 2023

A few weeks ago I had the privilege of attending the security training (using C++) by Patricia Aas. This was also the only training she ever did in the North American timezone and that was such a fortunate thing for me. This was such a fun experience and I want to give you a bit of detail on what you can expect from this training.

Basic structure

This is an intense course, but it is also a lot of fun. As a trainer myself, I am just in sheer awe of Patricia. This was 4 (four) days of 8 (eight) hours each day. You do get an hour of break in the middle but I can tell you this is still a lot of work for the trainer. Apart from that, there is a healthy variety of theory (including history) with practical exercises.

Highlights (for me)

Material

I have always wanted to get hands-on security courses from the vantage of reverse-engineering, fuzzing, shellcode, and learn about the tooling around it. All of that was covered.

Slides

I give extra mention for slides because Patricia’s slide-deck is so beautiful. You can get some idea of what to expect by visiting her website.

Exercises

There are a plenty of exercises and hands-on work. You even get to do your own fuzzing, you learn about heartbless heartbleed as an exercises! I am going to setup my own fuzzing lab at home.

Is it for you?

In my group, there were seasoned security and reverse-engineering folks. There were also total beginners like me. Seldom is a course where people from both ends of the spectrum of knowledge can get so much out of. I can assure you that no matter where you are, this course will be fun and educational for you.