Bug Hunting from zero to 0(day) to ($)0

Vulnerabilities discovery can be challenging for novice. In our talk, we will share the steps(and failure) we went through from beginner until finding 2 apple safari CVE (CVE-2019–8678,CVE-2019–8685)

In the first part of our talk, we will walkthrough some of the trick we used for target enumeration and corpus collection. Then ,we will share the steps we made to get the 2 CVE with public fuzzer. Lastly, we will go through the root cause analysis of these bugs and demonstrate how we do it for beginners.

Did you enjoy this post? Want to find out more about us? Contact us

Originally published at https://www.vxrl.hk on July 23, 2020.

--

--

--

VXRL Team is founded by group of enthusiastic security researchers, providing information security services and contribute to the community. https://www.vxrl.hk

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
VXRL

VXRL

VXRL Team is founded by group of enthusiastic security researchers, providing information security services and contribute to the community. https://www.vxrl.hk

More from Medium

Future of Pentesting: 5 Tips to Improve App Security

Sublist3r: Enumerate subdomains of websites using OSINT

Tracking Location within 6 feet!

DeathNote 1[Vulnhub] Walkthrough