Hit Them Where It Hurts - Finding Holes in COTS Software

Explore the intricacies of finding vulnerabilities in Commercial Off-The-Shelf (COTS) software in this Black Hat USA 2001 conference talk presented by Halvar Flake. Delve into topics such as legal considerations surrounding the EU Directive and DMCA, trace input methodologies, and the ethical implications of black hat versus white hat hacking. Gain insights into powerful tools like IDA Pro and examine the technical aspects of format string theory and x86 assembly. Discover the potential weaknesses in CDNS Label and CSM Proxy Pro, equipping yourself with knowledge to identify and understand security flaws in widely-used software products.

Introduction
Outline
Questions
Legal Stuff
EU Directive
DMCA
Trace Input
Black Hat vs White Hat
IDA Pro
C
DNS Label
Format String Theory
X86 Assembly Recap
CSM Proxy Pro