Professional Vulnerability Research And Analysis presented at KiwiCon 2009

by Chris Spencer (iDefense ),

Tags: Security

Summary : This presentation will take an inside look at how professional day to day vulnerability analysis and research is conducted within a typical Vulnerability Research Team.
Some topics that will be covered include:
- Techniques and tools used to analyze Microsoft binary patches.
- Static binary analysis and vulnerability code path identification.
- Proof-of-concept exploit development.
- Tools and techniques used for debugging vulnerability related crashes.
- Reliable exploit development.
- 0day discovery including binary analysis, fuzz-testing and source code analysis.
Real life vulnerability examples will be used along the way to demonstrate the techniques used in our daily work. This presentation may be of interest to anyone interested in vulnerability research or those who are planning to follow a career in this field.