Zero Days, Thousands of Nights - The Life & Times of Zero-Day Vulnerabilities and Their Exploits

Black Hat via YouTube

Classroom Contents

  1. Intro
  2. The decision calculus is complicated
  3. We focus on characteristics of the vulnerabilities
  4. Various groups search for vulnerabilities
  5. BUSBY finds zero-day vulnerabilities, and develops exploits for them
  6. Data stats: three main types of vulnerabilities
  7. Vulnerability Sub-Type: Memory Corruption
  8. Vulnerability Sub-Type: Memory Mismanagement
  9. Vulnerability Sub-Type: Logic
  10. Data stats: number of vulnerabilities per source code type
  11. Data stats: number of vulnerabilities found and exploited, by vendor
  12. Some other observations about the data
  13. Exploit development time is relatively short
  14. Mitigations have affected exploitability (e.g., heap vs. stack overflow)
  15. Exploit development career lengths vary
  16. There are some caveats to our research
  17. Life Status
  18. About 1 in 6 of the alive are immortal
  19. Patches killed most of the dead
  20. Code revisions created a bunch of code-refactored "zombies"
  21. Longevity
  22. We plotted the survival probability of our data
  23. Average life expectancy is nearly 7 years
  24. Do certain characteristics indicate a long or short life?
  25. Does life expectancy or survival probability change over time?
  26. Collision Rate
  27. Clarity about time intervals is important
  28. Implications and recommendations of findings
  29. Our findings can help inform the retain vs. disclose discussions
  30. Zero-days affect many sectors, and raise policy questions
  31. Key findings