Schedule

Friday 1 November

09:50

Registration

Arrive to the Google office at 09:50 for the workshop check in.

10:15–10:30

Introduction

The opening session

10:30–12:00

Track A: Binary Vulnerabilities

by Ari Krakauer

  • Basics of binary vulnerabilities
  • Intro to assembly and shellcode writing
  • Stack overflows and how to exploit them (get your first root shell here!)
  • Return to libc
  • Intro to modern defenses and exploitation methods

10:30–12:00

Track B: Android Applications Hacking

by Olivier Tuchon

  • Anatomy of an APK
  • Static and Dynamic Analysis with open source tools
  • Hands-on exercises (CTF like)

12:00–13:00

Lunch

at Google office

Free food is the best food.

13:00–18:00

Track A: Binary Vulnerabilities

(Continuation)

13:00–15:30

Track B: Android Applications Hacking

(Continuation)

15:30–16:00

Track B: Life of a Security Engineer

by Geta Sampemane

Security covers a wide range of topics, but what do security engineers actually do on a daily basis? This talk describes some of the possibilities, with a focus on prevention rather than attack or response.

16:00–17:00

Track B: Life at Google. Opportunities for students

by Lindsay Taub 

Learn more about Google's internship program, scholarships and full-time roles for recent grads, and best practices for submitting your application. There are lots of ways to prepare for technical interviews, including taking part in Google's Coding Competitions (g.co/codingcompetitions). The session will end with some information about the programming contests we run and how to get involved.

17:00–17:30

Track B: The Google Vulnerability Reward Programs

by Jan Keller 

How to hack Google and get paid for it.

17:30–18:30

Track B: Hardware Hacking

by Łukasz Siewierski 

This is an introductory course to hardware "hacking". We will take a look at one commercially available device and learn how to:

  • Assess the device components.
  • Locate interesting elements on the PCB.
  • Connect to the serial console.
  • Understand bootloader.
  • Reverse engineer the firmware to gain root access.

18:30–19:30

Dinner

at Google office

What could be better than free food? More free food!

Saturday 2 November

09:50

Registration

Yes, you need to come for the registration every day.

10:00–12:30

Track A: Web Security

by Conrad Grobler

The workshop will provide an overview of web security principles and security testing:

  • Basics of web security
  • Web security testing tools
  • Hands-on exercises to find and exploit common vulnerabilities
  • How to defend against these vulnerabilities

12:30–13:00

Track A: Visit CTF finals

just across the atrium

See how pros play Google CTF finals.

Track B folks — you'll also have a chance to see CTF Finals, during lunch time.

10:00–13:00

Track B: Fuzzing

by Andrew Whalley and Alex Gough

Learn how throwing random data at programs finds bugs, and how to use the tooling that makes it easy.

  • Get an introduction to the history of fuzzing, and find bugs in early web browsers with random HTML.
  • Hands on with libFuzzer, an advanced fuzzing framework used by many large projects.
  • Write a fuzzer that catches the Heartbleed bug!
  • Learn how you can use fuzzing to help open source projects, and get cash money from VRPs.

13:00–14:00

Lunch

at Google office

Just as you thought it can't get any better... Free lunch with security pros!

14:00–18:00

Track A: Web Security

(Continuation)

14:00–18:00

Track B: Android Applications Hacking

(Repetition of Friday's Android Applications Hacking workshop)

18:00–19:00

Dinner

at Google office

Sunday 3 November

09:50

Registration

Get your daily visitor badge

10:00–11:00

Interview Training

What to expect, and how to prepare for the Google interview.

11:00–11:30

Ask me anything

You ask your security-related questions and we'll try to answer.

11:30–12:00

Visit CTF Finals

The second (and the last) day of Google CTF finals.

12:00–13:00

Lunch

at Google office

You know the drill...

13:00–13:30

Hiring at Google

by Derek Sickles

  • Path to navigating Google's hiring process
  • Different roles related to Security Engineering and Software Engineering (with an emphasis on Security/Privacy)
  • Interview Preparation and Tips
  • Open Q&A

13:30–18:30

Wargames

by you

Go hack some stuff, we'll help you.

19:00–22:00

Networking & CTF Awards ceremony

by all of us

Observe Google CTF prize-giving, chat with people. Food and drinks will be provided.