Focus Areas: Application Security, Malware Analysis, Penetration Testing, Vulnerability Management
Abstract
Software zero-day (0-day) discovery has been pursued by many researchers since software was first developed. Over the years, many researchers have shared their strategies, tools, etc., in the hope of aiding other researchers in the field in this art. This talk is about several things that are critical but not explained in the overall software zero-day discovery approach, such as the following:
- How to find details of recent zero-day vulnerabilities and their PoCs?
- Which target to select, and how to build/use it?
- How to find and build a corpus for the selected targets?
- A brief intro to the common methods involved in 0-day discovery, like fuzzing.
- Lastly, how to find critical vulnerabilities by neither fuzzing nor reverse engineering. ;)

This talk will also include a "live demo" of some recent critical vulnerabilities (in a widely used product by a big vendor) I discovered and, most importantly, "how I discovered them without reversing or fuzzing!!"