The Layman's Guide to Zero-Day Engineering
Offered By: media.ccc.de via YouTube
Course Description
Overview
Explore the intricacies of zero-day exploit development in this 57-minute conference talk from the 35th Chaos Communication Congress (35C3). Demystify the exploit development lifecycle, gaining insight into the engineering process behind a zero-day exploit used against Apple Safari at PWN2OWN 2018. Learn about the analytical approach employed to attack unfamiliar software targets, contrast this process with CTF/Wargame challenges, and discover the path from casual enthusiast to security professional. Delve into topics such as bug hunting, source code review, common misconceptions about browser exploits, and the responsibilities of security researchers. Gain a comprehensive understanding of the challenges and methodologies involved in this increasingly difficult tradecraft, presented by experts Markus Gaasedelen and Amy (itszn).
Syllabus
Introduction
Welcome
Agenda
Rondon 2018
The Odds
How Long
No Upper Bound
Google Everything
Scope
Bad Components
Bug Hunting
Final Coverage
Source Review
Misconceptions
Misconception
Easytofind bugs
Browser exploits
CTFs
Ride the exploit development roller coaster
Responsibilities
Taught by
media.ccc.de
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube