Explore the state of 0-day in-the-wild exploitation in this 23-minute conference talk from USENIX Enigma 2021. Delve into the world of unknown vulnerabilities and their exploitation, learning how defenders can protect against these elusive threats. Gain insights from Maddie Stone of Google Project Zero as she synthesizes findings from 0-day exploits detected in 2020, including root cause analyses, exploit methodologies, and ideas for improved detection and systemic fixes. Discover the importance of comprehensive patching and how incomplete fixes can inadvertently aid attackers. Examine specific case studies involving Internet Explorer Jscript, Chrome v8 Type Confusion, and Windows splwow64 arbitrary pointer dereference. Learn about strategies for variant analysis, mitigation brainstorming, and collaborating with vendors to enhance patch quality. Understand the critical role of correct and comprehensive patches in making it harder for attackers to exploit users with 0-days.
Overview
Syllabus
Intro
0-day exploit: an exploit targeting a vulnerability that defenders don't yet know about
Across the industry, incomplete patches are making it easier for attackers to exploit users with Odays.
Internet Explorer Jscript
Chrome v8 Type Confusion
Windows splwow64 arbitrary pointer dereference
Analyze patches for bugs we or others report • Variant analysis • Brainstorm mitigation strategies • Offer to work with vendors on patches • Incentivizing vendors for complete & comprehensive patches
We need correct & comprehensive patches for all vulnerabilities to make it harder for users to be exploited with Odays.
Taught by
USENIX Enigma Conference
