YoVDO

Hunting for Bugs, Catching Dragons

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Exploit Development Courses Bug Hunting Courses Attack Surface Analysis Courses

Course Description

Overview

Explore the world of email client and server vulnerabilities in this 43-minute Black Hat conference talk. Delve into research conducted at Microsoft on Outlook and Exchange, uncovering potential attack vectors and bugs in targets without scripting capabilities. Learn about identifying valid entry points, understanding the attack surface, and discovering "scary dragons" in email exploits. Examine specific vulnerabilities such as RTF issues, audio objects, invoke monikers, and Windows chat links. Gain insights into bug fixes, common marshalling techniques, and Exchange-specific vulnerabilities. Equip yourself with knowledge to hunt for bugs and catch dragons in email security landscapes.

Syllabus

Introduction
Email Exploits
Attack Surface
Why Im doing this
TAF
RTF Issues
Video Interrupt
Audio Objects
Invoke monikers
Windows chat links
Video controller
Bug fixes
Common marshalling
Exchange
XR PCM
PostReply
Conclusion


Taught by

Black Hat

Related Courses

CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent Reverse Engineering and Exploit Development
Udemy Penetration Testing: Advanced Kali Linux
LinkedIn Learning Linux x86 Assembly and Shellcoding
Udemy Python : Sıfırdan İleri Seviyeye - Etik Hacker Örnekleriyle
Udemy