|Chapter||Reading Time||Key Terms|
|Introduction||3 min||Be Excellent to Each Other!|
|What is ‘Hacking’ Anyway?||7 min||Abstraction, ingenuity, supply & demand|
|Estimating Vuln Impact||4 min||CVSS, vector, scope, remediation, …|
|Lifecycle of a Vuln||9 min||Fuzzing, reversing, write-what-where, shellcode, mitigations, bypassses, disclosure|
|Why Code Becomes Vulnerable||12 min||UAF, injection, forgery, overflow, …|
|Effects of Vulnerable Code||2 min||Privilege escalation, information disclosure, arbitrary code execution, denial of service|
|Household Names Demystified||15 min||Bluekeep, Curveball, Spectre, StageFright, …|
|Q&A with Sagi Tzadik||4 min||SIGRed|
|The Long Game & Conclusion||4 min||–|
[..] you’d be assaulted on all sides by colorful blinking lights [..]. On your left, someone’s built a human-size copy of Tetris out of cubic LEDs. On your right, someone’s running a lockpicking workshop. Above you a 3D-printed drone flies around in a circle [..]
Attempted description of CCC (Chaos Communication Congress)
The discovery of a high-impact vulnerability can equal money, power, prestige [..] there is an implicit wacky race of highly motivated [actors] vying to be first past the post.
Chances are, there are many possible sequences of bytes that could each compromise every Windows 10 machine in existence, and the world can only operate in a sane way by virtue of bliss ignorance.
The researcher is hoping for an enthusiastic “oh god, we have to fix this immediately”, but they aren’t always so lucky.
On the woes of coordinated disclosure
In certain situations, [overflow] produces a result that makes sense.
Not this specific situation, though. Now the process is convinced that some shopping
cart contains a negative two billion apples.
I usually describe my work to my friends as “Glorified QA.”