0-day Research Disassembled

Presented at BSidesDC 2019, Oct. 27, 2019, 10:30 a.m. (50 minutes).

0-day vulnerability research is a hot topic these days. Adversaries, governments, and researchers all have their secret stash of 0-days. Bug bounty programs have become ever more popular. With a tuned skill set, anyone can get started hunting bugs. Some do it for fun. Others do it for cash. We do it for a living. It’s our passion.

How does one pick a target to research? How does one improve the success rate of finding a 0-day? What skills are required? How does one deal with setbacks? We will go over these and several other questions via selected case studies of 0-days we have found in various high-profile products. We will discuss ~10 0-days that haven’t been disclosed (at the time of submission) and go over various scenarios showing how and why these were found.

Being a successful researcher requires a broad skill set and knowledge base. Additionally, the mindset of a security researcher is a key driver of success.

We outline these points alongside real-life scenarios of our 0-day discoveries this year, demonstrating that with the proper methodology, luck, and determination, anyone can achieve similar results and help contribute to making the world more secure.


Presenters:

  • David Wells - Sr Research Engineer at Tenable
    David Wells entered the cybersecurity industry with a strong emphasis in Windows reverse engineering. As a former Malware Analyst, David uncovered intelligence on various e-crime groups and botnet telemetry through reverse engineering some of the most well-known malware families down to individually targeted APT attacks. David now works on Tenable’s Zero Day Research team, uncovering new vulnerabilities.
  • Jimi Sebree - Sr Research Engineer at Tenable
    Jimi is a senior member of Tenable's Zero Day Research team. He bounces between research and development disciplines in an effort to appear knowledgeable about a variety of topics. Occasionally he succeeds in tricking someone into listening to him.
  • Chris Lyne - Sr Research Engineer at Tenable
    Chris is a member of Tenable's Zero Day Research team. He enjoys dissecting complex applications and lives for the hunt. Having written code in a multitude of programming languages, he has deep roots in software development, but his true passion is software security. Chris is an avid learner, and he is continuously evolving his skills, capabilities and methodologies. Chris believes any problem can be solved with knowledge, intelligent decisions, and sheer grit. Chris plays competitive tennis regularly in a league. Occasionally, he enjoys smacking a few golf balls around as well. When he’s not doing something active, Chris can probably be found reading a technical book or tasting craft beers.
