Dive into the world of vulnerability research

You’re curious, but taken aback by the cloud of terms to
memorize, processes to follow and names to know?
We’ve got you.

DOWNLOAD THE STUDY

Understand the Basics:

  • Is there a “hacker mindset”?
  • Who looks for vulnerabilities, and why?
  • How do we measure how “bad” a vulnerability is?
  • What hoops and hurdles are there until a patch is finally issued?
  • In what ways can code become vulnerable?
  • What are these “Bluekeep” and “Spectre” you’ve heard of?
  • What is it like being a vulnerability researcher, and what lies in the future for this field?

Vulnerability by Year

Vulnerability by year

DOWNLOAD THE STUDY

Vulnerability Research

Chapter Reading Time Key Terms
Introduction 3 min Be Excellent to Each Other!
What is ‘Hacking’ Anyway? 7 min Abstraction, ingenuity, supply & demand
Estimating Vuln Impact 4 min CVSS, vector, scope, remediation, …
Lifecycle of a Vuln 9 min Fuzzing, reversing, write-what-where, shellcode, mitigations, bypassses, disclosure
Why Code Becomes Vulnerable 12 min UAF, injection, forgery, overflow, …
Effects of Vulnerable Code 2 min Privilege escalation, information disclosure, arbitrary code execution, denial of service
Household Names Demystified 15 min Bluekeep, Curveball, Spectre, StageFright, …
Q&A with Sagi Tzadik 4 min SIGRed
The Long Game & Conclusion 4 min
Total 1 hr

DOWNLOAD THE STUDY

[..] you’d be assaulted on all sides by colorful blinking lights [..]. On your left, someone’s built a human-size copy of Tetris out of cubic LEDs. On your right, someone’s running a lockpicking workshop. Above you a 3D-printed drone flies around in a circle [..]
Attempted description of CCC (Chaos Communication Congress)

The discovery of a high-impact vulnerability can equal money, power, prestige [..] there is an implicit wacky race of highly motivated [actors] vying to be first past the post.

Chances are, there are many possible sequences of bytes that could each compromise every Windows 10 machine in existence, and the world can only operate in a sane way by virtue of bliss ignorance.

The researcher is hoping for an enthusiastic “oh god, we have to fix this immediately”, but they aren’t always so lucky.
On the woes of coordinated disclosure

In certain situations, [overflow] produces a result that makes sense.
Not this specific situation, though. Now the process is convinced that some shopping
cart contains a negative two billion apples.

I usually describe my work to my friends as “Glorified QA.”

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK