This course aims to provide insights into the state of 0-day in-the-wild exploitation, focusing on understanding and protecting against unknown vulnerabilities. Participants will learn about the root cause analysis of 0-day exploits, exploit methodologies, vulnerability discovery techniques, and how to prioritize vulnerability research and exploit mitigations. The teaching method involves synthesizing data from 0-days exploited in 2020 and applying the learnings to enhance security measures in 2021. This course is intended for security professionals, technical experts, and individuals interested in cybersecurity and vulnerability management.
Overview
Syllabus
Intro
0-day exploit: an exploit targeting a vulnerability that defenders don't yet know about
Across the industry, incomplete patches are making it easier for attackers to exploit users with Odays.
Internet Explorer Jscript
Chrome v8 Type Confusion
Windows splwow64 arbitrary pointer dereference
Analyze patches for bugs we or others report • Variant analysis • Brainstorm mitigation strategies • Offer to work with vendors on patches • Incentivizing vendors for complete & comprehensive patches
We need correct & comprehensive patches for all vulnerabilities to make it harder for users to be exploited with Odays.
Taught by
USENIX Enigma Conference
