How I Found 16 Microsoft Office Excel Vulnerabilities in 6 Months

Discover the process of uncovering 16 Microsoft Office Excel vulnerabilities in just 6 months through this insightful conference talk from the Hack In The Box Security Conference. Learn how to build an effective fuzzing framework step-by-step, including selecting fuzzing corpus, implementing mutation algorithms, and triaging results. Gain valuable insights into automating dialog box interactions, managing temporary files, and optimizing fuzzing strategies. Explore real-world examples of remote code execution and information disclosure vulnerabilities, and understand the process of reporting findings to Microsoft Security Response Center. Benefit from the speaker's extensive experience in security research and vulnerability discovery, including tips for overcoming common challenges in the fuzzing process.

Introduction
Quan Jin Introduction
Agenda
My story
Surviving
Candidates
Questions
Statistics
Excel
Visibility
File Types
distillation
fuzzy mutation
classification
synchronization
reproducer
manual check
bug id report
fuzzing equipment
problem list
dialog boxes
VMworld too fast
Speed of execution
File size
Virtual machine fuzzing
Processing inconsistencies
Filing strategies
Size of speed fire
How to manage crash files
Case 61461
Case 20201494
Case 202017126
Case 2020117
Case 2020118
Thanks