Explore the evolution of offensive security from CVEs to TTPs in this 53-minute conference talk. Delve into the concept of "it's not a vulnerability, it's a feature" and how attackers leverage built-in functionalities for malicious purposes. Learn about the Living off the Land Binaries and Scripts (LOLBAS) project and its focus on Microsoft-signed binaries. Discover how creating, sharing, and selling TTPs can benefit the cybersecurity community when vendors don't acknowledge certain functionalities as vulnerabilities. Gain insights from industry experts Bryson and Jorge as they discuss the maturation of offensive security techniques and the potential for monetizing feature-based exploits.
It's Not a Vulnerability, It's a Feature - Exploiting Built-in Functionality
Overview
Syllabus
Intro
Welcome
Introduction
Jorge
Bug bounties
First challenge
Two axes
Cyber defense matrix
Lowbass
Run dll32
Site Intro
Marketplace
Vulnerability is a feature
Demo
Building Community
Outro
Taught by
Bugcrowd
