Security for Hackers and Developers

Author: Dr. Jared DeMott

Security for Hackers and Developers lays the foundation for anyone interested in creating secure software and systems, or anyone interested in hacking computer systems. Upon...

What you will learn

  • The fundamentals of software security and a security-oriented development process
  • How and when to audit source code
  • How to use various fuzzing techniques
  • How to reverse compiled software using IDA Pro
  • How to detect and exploit bugs in software, including stack overflows, function pointer overwrites, off-by-ones, integer errors, uninitialized variable attacks, heap spraying, and ROP
  • How to detect and analyze exploit kits (EKs)
  • How to pull apart the malware payloads dropped by the initial exploit or EK


There are no required prerequisites for this path. Programming (specifically with C/C++/.asm) and information/cyber security knowledge and experience are helpful, but not necessary.


The Security for Hackers and Developers: Overview course will teach you the fundamentals of software security and a security-oriented development process, and in doing so, provide the foundation for you to move to the intermediate courses which focus on code auditing, fuzzing, reverse engineering, and exploit development.

Security for Hackers and Developers: Overview

by Dr. Jared DeMott

Jan 26, 2016 / 1h 9m

Enterprises around the world have identified cyber security as a top concern. Security vulnerabilities leave companies open to hacking and security breaches. This course will teach you tools to fight against security vulnerabilities and attacks. You'll learn the fundamentals of software security and a security-centered software development process, where bugs typically live and how to find them, and specific techniques such as manual and automated code reviews. When you're finished with this training course, you'll understand the major security domains and have some ideas for securing your software that you can apply right away.

Table of contents
  1. Course Overview (1m)
  2. Introduction (14m)
  3. Understanding the Security Development Lifecycle - SDL (17m)
  4. Uncovering Security Bugs (10m)
  5. Using Static Analysis (10m)
  6. Pentesting Code: Learning from a Case Study (15m)


There are four technical skills required by security researchers, quality engineers, and developers concerned with software security: source code auditing, fuzzing, reverse engineering, and exploitation. With the understanding these four courses provide, you’ll be ready to move on to the advanced course in this path, Advanced Malware Analysis: Combating Exploit Kits.

Security for Hackers and Developers: Code Auditing

by Dr. Jared DeMott

Aug 30, 2016 / 2h 2m

Bugs in software can be very expensive, and they can arise from not thoroughly testing and re-testing your code. In this course, Security for Hackers and Developers: Code Auditing, you will learn about manual code pentesting and how a professional code auditor finds bugs in code. You'll mainly be focusing on C/C++, but the high-level ideas apply to all languages. By going deep into the weeds on C and C++ code, learners will appreciate the depth and experience required to audit code in this and any other language. First you'll learn about code auditing tools and techniques, as well as why memory corruption happens and how to prevent it. Then you'll learn all about the newer bug types such as use-after-free, type confusion, and kernel double fetch. You'll wrap up the course by learning about real-world vulnerabilities like Heartbleed and other critical browser bugs. By the end of this course, you'll know how to audit code with confidence. You'll know how to spot bugs, understand why they're important, and architect modern protections.

Table of contents
  1. Course Overview (1m)
  2. Exploring C Program Details Related to Security (29m)
  3. Auditing C Code (36m)
  4. Exploring C++ Program Details Related to Security (25m)
  5. Auditing C++ (30m)

Security for Hackers and Developers: Fuzzing

by Dr. Jared DeMott

Dec 14, 2016 / 2h 9m

Bugs in software cost the economy billions of dollars each year. In this course, Security for Hackers and Developers: Fuzzing, you are going to turn the tide by learning how to find and fix critical bugs quicker. Hackers have long used a technique called fuzzing to find bugs, and software makers must do the same. First, you'll learn about mutation and generation fuzzing. Next, you'll explore monitoring, parallel fuzzing, and in-memory fuzzing. Finally, the course will wrap up with you learning about feedback fuzzing. By the end of this course, you'll know how to fuzz programs in multiple ways. You'll know the pros and cons of each technique, and be able to make wise choices for your security program.

Table of contents
  1. Course Overview (1m)
  2. Explaining Fuzz Testing (25m)
  3. Writing and Monitoring Mutation Fuzzers (15m)
  4. Using the Sulley Fuzzing Framework for Generation Fuzzing (8m)
  5. Learning the Peach Fuzzer (14m)
  6. Distributing Fuzz Test Cases (14m)
  7. Fuzzing APIs (8m)
  8. Fuzzing In-memory Code (13m)
  9. Learning Feedback Fuzzers: AFL and libFuzzer (19m)
  10. Applying Fuzzing Metrics (9m)

Security for Hackers and Developers: Reverse Engineering

by Dr. Jared DeMott

Mar 29, 2017 / 2h 4m

In the prior courses we learned there are 4 main techniques to secure code: design review, static analysis, manual audit, and dynamic (fuzz) testing. But once the code is fielded, hackers will begin researching exploits against it. In this course, learn how and why compiled binaries are examined and scoured for weaknesses, and why reversing is also a required malware analysis skill and is sometimes needed for low-level developers working with undocumented APIs. After watching this course you'll be familiar with all of the above and with the popular IDA Pro tool and how to use it. Download the IDA Pro demo to complete the labs.

Table of contents
  1. Course Overview (1m)
  2. Using IDA Pro to Reverse Code (30m)
  3. Learning x86 and Calling Conventions (23m)
  4. Understanding C-to-Assembly and Compiled Structures (13m)
  5. Patching a Compiled Binary (15m)
  6. Reversing C++ (17m)
  7. Extending IDA with Scripts (22m)

Security for Hackers and Developers: Exploit Development

by Dr. Jared DeMott

Sep 26, 2017 / 1h 47m

With developers so overloaded, why should you prioritize security fixes? Because hackers are probably writing exploits against your product right now. You need to learn what that process entails to enable a deeper appreciation for the serious defenses needed. In this course, Security for Hackers and Developers: Exploit Development, you'll learn the ins and outs of how to write basic exploits. First, you'll explore control-flow hijacks such as function and return pointer overwrites. Next, you'll cover how to create and debug shellcode. Finally, you'll discover how to overcome common security mitigations using return-oriented programming (ROP). By the end of this course, you’ll know how to exploit programs with confidence, which gives you the skills to defend software, write exploits, or reverse engineer malware.

Table of contents
  1. Course Overview (1m)
  2. Auditing, Debugging, and Vulnerabilities (24m)
  3. Understanding a Function Pointer Overwrite (13m)
  4. Exploiting a Windows Server Using Shellcode (32m)
  5. Exploiting a Basic Browser Bug (16m)
  6. Applying Return-oriented Programming (19m)


In the final course in this path, you'll draw on the knowledge and skills you’ve learned in order to analyze and detect an advanced form of malware, exploit kits.

Advanced Malware Analysis: Combating Exploit Kits

by Dr. Jared DeMott

Jun 9, 2016 / 2h 23m

Cyber-criminals are innovating faster than ever, and the cyber-crime industry caused the loss of hundreds of billions of dollars last year across the US and Europe alone. In this course, Advanced Malware Analysis: Combating Exploit Kits, you'll learn the skills you need to pull apart and analyze exploit kits (an advanced form of malware) with Dr. DeMott. First, you'll explore the tools and techniques you'll be using as well as analyze events collected by Bromium micro-VMs. Next, you'll work on unraveling the exploit kits--figuring out which ones were used, what they look like, how to decrypt them, and how to detect them in "the wild." Finally, you'll learn how to conduct safe dynamic analysis of these exploit kits, detect CNC communication, and share your analyses so that these problems can be remedied. By the end of this course, you'll not only have a better understanding of what exploit kits are and how to detect them, but you'll be able to analyze how they work and report them so that your data is safer than ever from cyber-crime.

Table of contents
  1. Course Overview (1m)
  2. Introduction (16m)
  3. Recognizing the Exploit Vector (15m)
  4. Unraveling Exploit Obfuscation (13m)
  5. Circumventing Exploit Kit Encryption (11m)
  6. Understanding Moving Target Communications (8m)
  7. Detecting Angler in the Wild (9m)
  8. Performing Safe Dynamic Analysis (13m)
  9. Analyzing Files Statically (13m)
  10. Reversing Malware with Debugging Tools (18m)
  11. Reversing Malware with IDA Pro (15m)
  12. Customizing Reports: From Researchers to CISOs (8m)