The Layman's Guide to Zero-Day Engineering
Offered By: media.ccc.de via YouTube
Course Description
Overview
Explore the intricacies of zero-day exploit development in this 57-minute conference talk from the 35th Chaos Communication Congress (35C3). Demystify the exploit development lifecycle, gaining insight into the engineering process behind a zero-day exploit used against Apple Safari at PWN2OWN 2018. Learn about the analytical approach employed to attack unfamiliar software targets, contrast this process with CTF/Wargame challenges, and discover the path from casual enthusiast to security professional. Delve into topics such as bug hunting, source code review, common misconceptions about browser exploits, and the responsibilities of security researchers. Gain a comprehensive understanding of the challenges and methodologies involved in this increasingly difficult tradecraft, presented by experts Markus Gaasedelen and Amy (itszn).
Syllabus
Introduction
Welcome
Agenda
Rondon 2018
The Odds
How Long
No Upper Bound
Google Everything
Scope
Bad Components
Bug Hunting
Final Coverage
Source Review
Misconceptions
Misconception
Easytofind bugs
Browser exploits
CTFs
Ride the exploit development roller coaster
Responsibilities
Taught by
media.ccc.de
Related Courses
Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld SystemsVanderbilt University via Coursera Engineering Maintainable Android Apps
Vanderbilt University via Coursera Software Design as an Element of the Software Development Lifecycle
University of Colorado System via Coursera Secure Software Development
Pluralsight Secure Software Concepts for CSSLPĀ®
Pluralsight