Bug Hunting from zero to 0(day) to ($)0

Vulnerabilities discovery can be challenging for novice. In our talk, we will share the steps(and failure) we went through from beginner until finding 2 apple safari CVE (CVE-2019–8678,CVE-2019–8685)

In the first part of our talk, we will walkthrough some of the trick we used for target enumeration and corpus collection. Then ,we will share the steps we made to get the 2 CVE with public fuzzer. Lastly, we will go through the root cause analysis of these bugs and demonstrate how we do it for beginners.

Did you enjoy this post? Want to find out more about us? Contact us

Originally published at https://www.vxrl.hk on July 23, 2020.

VXRL Team is founded by group of enthusiastic security researchers, providing information security services and contribute to the community. https://www.vxrl.hk