Fail Harder - Finding Critical 0-Days in Spite of Ourselves

Explore the challenging journey of vulnerability researchers and bug hunters in this 38-minute Black Hat conference talk. Delve into the often-overlooked aspects of failure and persistence that lead to discovering critical zero-day vulnerabilities. Learn from real-world examples involving patient monitors, Belkin Wemo Insights Plug, Delta entilibus Building Controller, and Azure Sphere. Gain insights into effective practices such as clean solder work, high-tech approaches, and using Slack for project documentation. Understand the complexities of fuzzing, vendor disclosure, and conference submission feedback. Discover the importance of brute-forcing passwords, treating code as documentation, and managing burnout in the pursuit of uncovering critical security flaws across multiple projects.

black hat
Patient Monitor
Belkin Wemo Insights Plug
Delta entilibus Building Controller
Azure Sphere
Clean solder work
High-tech approach
Slack == Project Documentation
Brute force the password!!!
Code is documentation....
Fuzzing is hard
Vendor Disclosure
Conference Submission Feedback
Watch out for burnout