Hunting for bugs, catching dragons

Presented at 44CON 2019, Sept. 12, 2019, 9:30 a.m. (59 minutes).

While browser and plugin exploits are frequent, it’s less common to see exploits affecting targets without scripting capabilities. Are these worth attacking? How do we proceed? How do we identify valid entry points and bugs? This talk will cover some research done at Microsoft on Outlook and Exchange and discuss the results. Scary dragons will be spotted in this tour, hopefully you’ll catch some too.


Presenters:

  • Nicolas Joly
    Nicolas Joly is a security engineer at the MSRC in Cheltenham. He has more than 10 years of experience at reverse engineering and vulnerability discovery, and is now focused on finding and exploiting bugs at Microsoft. Prior to this, he used to hunt bugs for bounties and won several times pwn2own with Vupen Security.

Links:

Similar Presentations: