Professional Vulnerability Research and Analysis presented at AUScert 2010

by Chris Spencer,

Summary : This presentation will take an inside look at how day to day vulnerability analysis and research is conducted within a typical Vulnerability Research Team.
Some topics that will be covered include:
- Techniques and tools used to analyse Microsoft binary patches.
- Static and dynamic binary analysis and vulnerability code path identification.
- Proof-of-concept exploit development.
- Tools and techniques used for debugging vulnerability related crashes.
- Vulnerability discovery via binary analysis and source code analysis
A Whirlwind tour of the techniques that we use in our daily work will be presented in the form of demonstration. The demonstration will cover the steps involved in taking a Microsoft patch and turning it into a working remote kernel exploit. This presentation may be of interest to anyone currently working in the vulnerability research field, or those who are planning to follow a career in this field.