c0c0n 2026

c0c0n is a 19-year-old platform aimed at providing opportunities to showcase, educate, understand and spread awareness on Information Security, data protection, and privacy...

Venue & Date

c0c0n 3-Day Professional Training

The Art of Finding Bugs: Advanced Techniques in Vulnerability & 0-Day Research

Course Objective:

This workshop is designed to provide cybersecurity researchers with a deep understanding of the latest techniques for discovering and analyzing new vulnerabilities, including zero-day exploits. Participants will explore multiple avenues of vulnerability research, including:

  • New Vulnerabilities through Patch Diffing (Windows-focused): Analyzing patches to uncover security flaws in Windows binaries.
  • New Vulnerabilities through Code Review (Source Code): Identifying weaknesses in source code that could be exploited.
  • New Vulnerabilities through Fuzzing: Leveraging fuzzing frameworks to discover unexpected behavior in software.
  • New Vulnerabilities through Reverse Engineering: Using static and dynamic analysis techniques to uncover hidden vulnerabilities.

The workshop combines theoretical understanding, practical hands-on exercises, and real-world case studies to equip participants with both the knowledge and skills to conduct vulnerability research in complex systems.

Day 1:
Session 1: Introduction to Methods for Finding New Vulnerabilities
  • New Vulnerabilities through Code Review (Source Code)
  • New Vulnerabilities through Fuzzing
  • New Vulnerabilities through Reverse Engineering
  • New Vulnerabilities through Patch Diffing
Session 2: Introduction to Patch Diffing
  • Explaining MSRC Advisories
  • Introduction to Decompilers + Kernel-Mode Binaries
  • Introduction to BinDiff
Session 3: Preparing for Kernel Driver Reverse Engineering
  • Setting up tools for the hands-on exercises
  • Analyzing Driver Entry Point & Architecture
  • Talking to the Driver from User Mode
Session 4: Hands-On Kernel Driver Reverse Engineering
  • Analyzing the driver decompilation
  • Reverse Engineering the exposed interfaces for vulnerability research
  • Diffing the given driver with the patched version
  • Pinpointing the Vulnerability from BinDiff results
  • Writing Crash PoC
Day 2:
Session 1: Windows Kernel Architecture
  • Diagram of User Mode vs Kernel Mode
  • What are I/O Request Packets (IRPs)
  • What is IRQL
  • What are Kernel Objects
Session 2: Looking at kernel security mechanisms
  • What is the NX bit (No-eXecute memory bit)
  • What is KPP / PatchGuard (Patch protection)
  • What is HVCI
  • What is SMEP/SMAP (Supervisor Mode Execution/Access Prevention)
  • What is DSE (Driver Signature Enforcement)
Session 3: Token Privileges & Critical Kernel Mode Structures
  • Overview of Windows Access Tokens
  • Kernel mode structure representation of objects
  • EPROCESS structure
  • KTHREAD structure
  • Token swapping
Session 4: Kernel Debugging & LPE proof of concept
  • Viewing kernel mode structures in WinDbg
  • Writing elevation of privilege PoC for token swapping
Day 3:
Session 1: IoT Security, Architecture, Common IoT Vulnerabilities
  • Attack surfaces: Web interface, Network services (Telnet, SSH, HTTP), Hardware interfaces
  • Real CVE Case Studies
  • Tools Overview: Binwalk (firmware extraction), Firmware Mod Kit, Ghidra / IDA (intro), Burp Suite
Session 2: Embedded Exploitation & 0-day Discovery
  • Firmware analysis lifecycle: Extraction, Analysis, Exploitation
  • Types of IoT vulnerabilities: Buffer overflow in firmware, Command injection in web UI
  • 0-day discovery in IoT: Fuzzing APIs / services, Reverse engineering firmware
Session 3: Hands-On Vulnerability Identification in Network Services and Web Interfaces
  • Exploit findings like a real attacker
  • IoT Device VAPT – Network (HTTP / HTTPS (Web UI), Telnet / SSH, FTP / TFTP, MQTT, UPnP)
  • Web Exploitation (Weak authentication / no rate limiting, Hardcoded credentials, Command Injection, XSS / CSRF, File upload vulnerabilities, Hidden endpoints, Device Recon, Web Interface Testing, Exploitation)
Session 4: Hands-On Reverse Engineering
  • Extract and analyze firmware images from embedded devices
  • Identify sensitive data and hidden weaknesses
  • Perform Fuzzing & Crash analysis
  • Perform basic reverse engineering
  • Firmware Analysis & 0-day Simulation
  • Build PoC: Identify Input → Vulnerability → Impact
Prerequisites:
  • Comprehensive understanding of C and x86-64 assembly
  • Comprehensive understanding of Win32 APIs
  • Intermediate understanding of Windows kernel driver architecture and APIs
  • Understanding of Vulnerability Types & Embedded Devices
Participant Requirements (Hardware / Software / Cloud Accounts, etc.):

  • Laptop with Windows 10/11 (64-bit) for kernel experimentation
  • Administrative access on the machine
  • Installed virtualization software (VMware/VirtualBox)
  • Tools pre-installed: IDA/Ghidra, WinDbg, BinDiff, Fuzzing frameworks

Who should attend

Cybersecurity researchers, vulnerability analysts, and reverse engineers looking to deepen their expertise in Windows kernel and IoT vulnerability research.

What to expect:

  • Hands-on exercises in patch diffing, reverse engineering, and fuzzing
  • Kernel driver vulnerability discovery workflow
  • Practical insights into IoT security testing and firmware analysis
  • Exposure to real CVEs and case studies
  • Guided walkthroughs of vulnerability research methodology

What not to expect:

The course does not cover:
  • Full step-by-step kernel exploit development
  • Advanced privilege escalation demonstrations
  • Proprietary exploits for live production systems
  • In-depth debugging of live production crashes

Trainer(s)

Dr. Parul Sindhwad

Director
Securenex Private Limited

Advait Pandya

Windows Security Researcher
CoE-CNDS, VJTI Mumbai

Aman Framewala

Security Researcher
CoE-CNDS, VJTI Mumbai

PARTNERS

Industry Conference Partner

Bsides Bangalore