YoVDO

Hunting for Bugs, Catching Dragons

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Exploit Development Courses Bug Hunting Courses Attack Surface Analysis Courses

Course Description

Overview

Explore the world of email client and server vulnerabilities in this 43-minute Black Hat conference talk. Delve into research conducted at Microsoft on Outlook and Exchange, uncovering potential attack vectors and bugs in targets without scripting capabilities. Learn about identifying valid entry points, understanding the attack surface, and discovering "scary dragons" in email exploits. Examine specific vulnerabilities such as RTF issues, audio objects, invoke monikers, and Windows chat links. Gain insights into bug fixes, common marshalling techniques, and Exchange-specific vulnerabilities. Equip yourself with knowledge to hunt for bugs and catch dragons in email security landscapes.

Syllabus

Introduction
Email Exploits
Attack Surface
Why Im doing this
TAF
RTF Issues
Video Interrupt
Audio Objects
Invoke monikers
Windows chat links
Video controller
Bug fixes
Common marshalling
Exchange
XR PCM
PostReply
Conclusion


Taught by

Black Hat

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network