All Your -Data-base Are Belong To Us

HackerOne via YouTube

Overview

Explore the world of vulnerability research and code execution bugs in office applications through this 24-minute conference talk by @spaceraccoon from HackerOne. Dive into the speaker's journey of discovering and exploiting zero-days, learning about fuzzing, source code review, and reverse-engineering techniques. Gain insights into getting started with software vulnerability research, focusing on parsing and processing various file formats in modern office applications. Discover simple approaches to vulnerability research, suitable for researchers curious about binary exploitation, with minimal background knowledge required. Follow along as the speaker covers topics such as DBF documentation, fuzzing templates, triage mechanisms, and exploit examples, including a case study on Apache OpenOffice vulnerabilities and the disclosure process.

Syllabus

Introduction
Who am I
What is Vulnerability Research
What is VR
Skills required
Getting started in VR
DBF Documentation
Fuzzing Template
Triage Mechanism
010 Editor
Exploit Example
Dumb Fuzzing
Apache OpenOffice
Inline Validation
Bypassing DEP and ASLR
ROP Chains
CVE-2021-33035
Disclosure
Patch
Summary
Announcement
Govtech Vulnerability Rewards
Outro

Taught by

HackerOne
