Explore strategies for developing vulnerability hunting and exploit creation skills through a 21-minute conference talk by Sandra Escandor-O'Keefe. Learn the value of revisiting past CVEs to identify patterns, enhance critical thinking, and gain knowledge of previously used techniques. Discover how to contribute to the security community by examining CVE-2013-5576 as a case study. Understand the importance of analyzing discrepancies between known exploits and experimental results, and uncover unstated assumptions in vulnerability research. Gain insights from Sandra's experience as a Security Engineer at Fastly and her background in software development. Follow along as she outlines approaches to reading security papers, setting up test environments, and conducting manual testing for file uploads and data manipulation.
Overview
Syllabus
Intro
About Sandra
Agenda
The Big Idea
Path to Technical Mastery
What I Suggest
How to Read a Paper
General Approach
Fundamental Concept
Overview
Test Environment
Ignore filename extensions
Manual testing
Post data
Allowable Array
Ignored Array
File Name Cleanup
Key Takeaways
CV followups
Taught by
0xdade
