YoVDO

Hunting for Bugs, Catching Dragons

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Exploit Development Courses Bug Hunting Courses Attack Surface Analysis Courses

Course Description

Overview

Explore the world of email client and server vulnerabilities in this 43-minute Black Hat conference talk. Delve into research conducted at Microsoft on Outlook and Exchange, uncovering potential attack vectors and bugs in targets without scripting capabilities. Learn about identifying valid entry points, understanding the attack surface, and discovering "scary dragons" in email exploits. Examine specific vulnerabilities such as RTF issues, audio objects, invoke monikers, and Windows chat links. Gain insights into bug fixes, common marshalling techniques, and Exchange-specific vulnerabilities. Equip yourself with knowledge to hunt for bugs and catch dragons in email security landscapes.

Syllabus

Introduction
Email Exploits
Attack Surface
Why Im doing this
TAF
RTF Issues
Video Interrupt
Audio Objects
Invoke monikers
Windows chat links
Video controller
Bug fixes
Common marshalling
Exchange
XR PCM
PostReply
Conclusion


Taught by

Black Hat

Related Courses

Burp Suite - Basic Concepts for Web Pentesting
YouTube Rawr - Rapid Assessment of Web Resources
YouTube Analyzing & Breaking QNX Exploit Mitigations and PRNGs for Embedded Systems
Black Hat via YouTube Fuzzing File System Implementations to Uncover Security Bugs
Hack In The Box Security Conference via YouTube Building an AppSec Program from the Ground Up - An Honest Retrospective
LASCON via YouTube