YoVDO

It's Not a Vulnerability, It's a Feature - Exploiting Built-in Functionality

Offered By: Bugcrowd via YouTube

Tags

Offensive Security Courses Cybersecurity Courses Bug Bounty Courses Vulnerability Assessment Courses Exploit Development Courses

Course Description

Overview

Explore the evolution of offensive security from CVEs to TTPs in this 53-minute conference talk. Delve into the concept of "it's not a vulnerability, it's a feature" and how attackers leverage built-in functionalities for malicious purposes. Learn about the Living off the Land Binaries and Scripts (LOLBAS) project and its focus on Microsoft-signed binaries. Discover how creating, sharing, and selling TTPs can benefit the cybersecurity community when vendors don't acknowledge certain functionalities as vulnerabilities. Gain insights from industry experts Bryson and Jorge as they discuss the maturation of offensive security techniques and the potential for monetizing feature-based exploits.

Syllabus

Intro
Welcome
Introduction
Jorge
Bug bounties
First challenge
Two axes
Cyber defense matrix
Lowbass
Run dll32
Site Intro
Marketplace
Vulnerability is a feature
Demo
Building Community
Outro


Taught by

Bugcrowd

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network