Over the past 12 months, Project Zero has analyzed eleven 0-day vulnerabilities that were exploited in the wild. A key part of each analysis is identifying the root cause of the vulnerability being exploited. To do so, we've employed a variety of techniques with varying degrees of success: binary patch diffing, putting the exploit sample into a test case minimizer, source code patch diffing, manually reverse engineering the exploit, and "bug hunting" based on known details of the exploit. Rather than discussing these exploited vulnerabilities in detail, this talk covers the reverse engineering techniques used to determine the vulnerability in the first place.
By Maddie Stone
Full Abstract & Presentation Materials: [ Link ]