YoVDO

All Your -Data-base Are Belong To Us

Offered By: HackerOne via YouTube

Tags

H@cktivitycon Courses
Reverse Engineering Courses
Fuzzing Courses
Binary Exploitation Courses

Course Description

Overview

Explore the world of vulnerability research and code execution bugs in office applications through this 24-minute conference talk by @spaceraccoon from HackerOne. Dive into the speaker's journey of discovering and exploiting zero-days, learning about fuzzing, source code review, and reverse-engineering techniques. Gain insights into getting started with software vulnerability research, focusing on parsing and processing various file formats in modern office applications. Discover simple approaches to vulnerability research, suitable for researchers curious about binary exploitation, with minimal background knowledge required. Follow along as the speaker covers topics such as DBF documentation, fuzzing templates, triage mechanisms, and exploit examples, including a case study on Apache OpenOffice vulnerabilities and the disclosure process.

Syllabus

Introduction
Who am I
What is Vulnerability Research
What is VR
Skills required
Getting started in VR
DBF Documentation
Fuzzing Template
Triage Mechanism
010 Editor
Exploit Example
Dumb Fuzzing
Apache OpenOffice
Inline Validation
Bypassing DEP and ASR
ROP Chains
CVE-2021-33035
Disclosure
Patch
Summary
Announcement
Govtech Vulnerability Rewards
Outro


Taught by

HackerOne

Related Courses

Leveraging Bug Bounties for Your Career
HackerOne via YouTube
Breaking VNC Clients with Evil Servers
HackerOne via YouTube
The Bug Hunter's Methodology - Application Analysis
HackerOne via YouTube
Vulnerabilities I've Found - The Fun, the Weird and the Technical
HackerOne via YouTube
Submitting High Quality Bug Bounty Reports - Tips from Behind the Curtain
HackerOne via YouTube