Announcing our First (and only!) Public Training of the Year: The Nordic Security Conference, August 26th - 28th

Despite saying it was highly unlikely we'd do a public training this year, the promise of eating colourful seabirds has won me over! I'm happy to announce that "Advanced Tool Development with SMT Solvers" will be hosted at NSC from the 26th to the 28th of August. This is going to be the only public course we teach this year, so if you're interested in understanding and extending the tech & research behind modern program analysis tools you should sign up while you can!

As this is something of a once-off, we've also decided to offer a discount of ~10% over our usual fee to all attendees of NSC. So, for $3000, you get two awesome things 1) Great program analysis training and 2) an environment where it isn't frowned upon to bury a fish for 12 weeks before consumption. What more could you want? Sign up now or contact us with any questions.

ooking forward to seeing you there!

- Sean (@seanhn)

Trainings: If you're interested in organising one in 2013, book soon!

I'm pleased to say our trainings have been popular so far, so popular in fact that they're essentially booked out until September! That's the first update: if you're interested in organising a class in 2013 then it's probably better to do it sooner rather than later as the number of slots remaining are quite limited.

pdate #2 is that we've made some improvements and changes to the tool development class. Two points are worth mentioning. First, we've decided to focus the class more on symbolic methods (SAT/SMT solvers, symbolic execution, whitebox fuzzing etc) at the expense of abstract interpretation (AI) and dataflow (DFA) analysis. These areas are more practically interesting in my opinion, and the current state of the art shows more promise for the types of tasks we're interested in. We've removed the material on AI and DFA for now, which allows us to change the class to be 3 days in length instead of 4.  It also allows us to add new material on intermediate languages, as well as a bunch of new exercises across all topics. 

The current metrics for that class are something like 500+ slides and 40+ exercises! It's intense, but I guess going from propositional logic to the state of the art in symbolic program analysis techniques in 3 days is probably going to be that way =)

- Sean (@seanhn)

Our 2013 Training Prospectus is Online

I'm happy to announce that in 2013 we'll be offering three different classes. You can get a high level overview here, and a detailed syllabus by sending a mail to*. In summary, they are:

  • C & C++ Auditing for Professionals: Strategy, Tactics & Techniques (5 days)
  • Binary Auditing for Professionals: Strategy, Tactics & Techniques (5 days)
  • SMT Solvers, Static Analysis, and Advanced Tool Development (4 days)

I'm looking forward to teaching them all, but out of the three I'm most excited about the last. I think it's a fairly unique class and should give students a solid introduction the more useful research topics in program analysis, as well as hands-on experience in developing implementations of the various algorithms covered. We'll also spend time discussing some of the larger problems that still exist when trying to integrate this research into tools for RE and bug finding. 

The other two are also designed to take a slightly different approach to teaching code auditing. Instead of just focusing on enumerating bug categories, the content includes quite a bit of material on actually organising yourself during an audit, prioritising target components for review, and developing good habits to ensure reliable and repeatable results. 

On the less interesting side of things, i.e. administrative details, we're currently only offering the classes to private organisations and government clients. If you'd like to enquire about booking a class, or to receive a more detailed syllabus, send a mail to That said, we are considering putting on an open class in either the UK or the US at some point next year. If you're interested, send a mail to the same address mentioning which class(es) you'd be interested in taking, and which country. If the various moons align, we will probably hold that class during the summer of next year.

- Sean (@seanhn)

* As mentioned above, we're currently only offering the classes to private organisations and government clients.