Vulnerability Research - Check Point Software

Dive into the world of vulnerability research

You’re curious, but taken aback by the cloud of terms to
memorize, processes to follow and names to know?
We’ve got you.

DOWNLOAD THE STUDY

Understand the Basics:

Is there a “hacker mindset”?
Who looks for vulnerabilities, and why?
How do we measure how “bad” a vulnerability is?
What hoops and hurdles are there until a patch is finally issued?
In what ways can code become vulnerable?
What are these “Bluekeep” and “Spectre” you’ve heard of?
What is it like being a vulnerability researcher, and what lies in the future for this field?

Vulnerability by Year

Vulnerability by year

DOWNLOAD THE STUDY

Vulnerability Research

Chapter	Reading Time	Key Terms
Introduction	3 min	Be Excellent to Each Other!
What is ‘Hacking’ Anyway?	7 min	Abstraction, ingenuity, supply & demand
Estimating Vuln Impact	4 min	CVSS, vector, scope, remediation, …
Lifecycle of a Vuln	9 min	Fuzzing, reversing, write-what-where, shellcode, mitigations, bypassses, disclosure
Why Code Becomes Vulnerable	12 min	UAF, injection, forgery, overflow, …
Effects of Vulnerable Code	2 min	Privilege escalation, information disclosure, arbitrary code execution, denial of service
Household Names Demystified	15 min	Bluekeep, Curveball, Spectre, StageFright, …
Q&A with Sagi Tzadik	4 min	SIGRed
The Long Game & Conclusion	4 min	–
Total	1 hr	–

DOWNLOAD THE STUDY

[..] you’d be assaulted on all sides by colorful blinking lights [..]. On your left, someone’s built a human-size copy of Tetris out of cubic LEDs. On your right, someone’s running a lockpicking workshop. Above you a 3D-printed drone flies around in a circle [..]
Attempted description of CCC (Chaos Communication Congress)

The discovery of a high-impact vulnerability can equal money, power, prestige [..] there is an implicit wacky race of highly motivated [actors] vying to be first past the post.

Chances are, there are many possible sequences of bytes that could each compromise every Windows 10 machine in existence, and the world can only operate in a sane way by virtue of bliss ignorance.

The researcher is hoping for an enthusiastic “oh god, we have to fix this immediately”, but they aren’t always so lucky.
On the woes of coordinated disclosure

In certain situations, [overflow] produces a result that makes sense.
Not this specific situation, though. Now the process is convinced that some shopping
cart contains a negative two billion apples.

I usually describe my work to my friends as “Glorified QA.”