Abstract
Software zero-day discovery has been pursued by many researchers since software was first developed. Over the years, many researchers have shared their strategies, tools, and more in the hope of aiding other researchers in the field. This talk covers several topics critical to the overall software zero-day discovery approach: how to find recent 1-day zero-day vulnerabilities, how to select targets and build/use them, how to find and build a corpus for the selected targets, common methods involved in 0-day discovery such as fuzzing, and lastly how to find critical vulnerabilities by neither fuzzing nor reverse engineering. The talk also includes a live demo of recent critical vulnerabilities in a widely used product by a big vendor and, most importantly, how they were discovered without reversing or fuzzing.