0-day Research Disassembled

Presented at BSidesDC 2019, Oct. 27, 2019, 10:30 a.m. (50 minutes)

0-day vulnerability research is a hot topic these days. Adversaries, governments, and researchers all have their secret stash of 0-days. Bug bounty programs have become evermore popular. With a tuned skill set, anyone can get started hunting bugs. Some do it for fun. Others do it for cash. We do it for a living. It’s our passion.

How does one pick a target to research? How does one improve the success rate of finding a 0-day? What skills are required? How does one deal with setbacks? We will go over these and several other questions via selected case studies of 0-days we have found in various high profile products. We will discuss ~10 0-days that haven’t been disclosed (at the time of submission) and go over various scenarios showing how and why these were found.

In order to be a successful researcher, there is a broad skill set and knowledge base required. Additionally, the mindset of a security researcher is a key driver of success.

We outline these points alongside real life scenarios of our 0-day discoveries this year, demonstrating that with the proper methodology, luck, and determination, anyone can achieve similar results and help contribute to making the world more secure.

Presenters:

• Chris Lyne - Sr Research Engineer at Tenable
  Chris is a member of Tenable's Zero Day Research team. He enjoys dissecting complex applications and lives for the hunt. Having written code in a multitude of programming languages, he has deep roots in software development, but his true passion is software security. Chris is an avid learner, and he is continuously evolving his skills, capabilities and methodologies. Chris believes any problem can be solved with knowledge, intelligent decisions, and sheer grit. Chris plays competitive tennis regularly in a league. Occasionally, he enjoys smacking a few golf balls around as well. When he’s not doing something active, Chris can probably be found reading a technical book or tasting craft beers.
• Jimi Sebree - Sr Research Engineer at Tenable
  Jimi is a senior member of Tenable's Zero Day Research team. He bounces between research and development disciplines in an effort to appear knowledgeable about a variety of topics. Occasionally he succeeds in tricking someone into listening to him.
• David Wells - Sr Research Engineer at Tenable
  David Wells entered the cybersecurity industry with a strong emphasis in Windows reverse engineering. As a former Malware Analyst, David uncovered intelligence on various ecrime groups and botnet telemetry through reverse engineering some of the most well known malware families down to individually targeted APT attacks. David now works on Tenable’s Zero Day Research team, uncovering new vulnerabilities.

Links:

• https://bsidesdc2019.busyconf.com/schedule#activity_5cc20c820dda482a810001ef

Similar Presentations:

• BSides Austin 2016 / If You Can't Beat 'Em, Join 'Em: Tips For Running a Successful Bug Bounty Program
• DEF CON 29 (2021) / 2021 - Our Journey Back To The Future Of Windows Vulnerabilities and the 0-days we brought back with us
• BSidesSF 2014 / A Day In The Life (Of A Security Researcher)