Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Changing and Unchanged Things in Vulnerability Research

OffensiveCon via YouTube

Overview

Explore the evolving landscape of vulnerability research in this keynote address from OffensiveCon23. Delve into the origins and motivations behind vulnerability research, examining both changing and unchanged aspects of the field. Learn about buffer overflow bugs, program analysis tools, and improved security strategies. Discover advanced fuzzing techniques and analyze real-world case studies, including CVE-2021-30737. Examine exploit mitigations, secure architectures, and 1-click attack steps. Investigate specific cases involving KPP, PAC in kernel and userland, and PPL. Gain insights into the offensive and defensive game of cybersecurity and ponder the future of vulnerability research. Review the Blackbird exploit, including its exploitation techniques and loading of SEPOS. Conclude with key takeaways to enhance your understanding of modern vulnerability research and exploitation techniques.

Syllabus

Intro
The origin of this talk
Motivations
Process
Post research
Bugs Buffer overflow
Program analysis tools
Improved security strategies
Develop advanced fuzzing
Case study - CVE-2021-30737
Execute arbitrary code
Exploit mitigations
Secure architectures
1-click attack steps
Case study - KPP
Case study - PAC in kernel
Case study-PAC in userland
Case study - PPL
Conclusions
Offensive and defensive game
What about the future?
Quick review of Blackbird
Exploits of Blackbird
Exploit from Checkrain
Loading SEPOS
Simple solution
Takeaways

Taught by

OffensiveCon

Reviews

Start your review of Changing and Unchanged Things in Vulnerability Research

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.