My Journey Into 0-Day Binary Vulnerability Discovery in 2014
Author: Alisa Esage (Shevchenko)
While the IT security research hotspot migrates constantly towards new technologies, the demand for binary exploitation today is higher than ever before, as proven by this year’s pwn2own contest stakes and outcomes. The question that bothers many is thus whether it is still possible to discover new — and exploitable — vulnerabilities in widely deployed and extensively audited applications, given today’s reality of an overwhelming tool base, research, computational power, and intelligence competition. The author says yes, and this is the report of her own journey along that way.
The presentation will detail the author’s own approach to discovery of 0-day binary vulnerabilities, mostly based on fuzzing. Specific concepts and techniques that worked (or failed) will be demonstrated. Finally, the root cause analysis of a few 0-day vulnerabilities will be presented, along with a few ideas for bypassing exploitation mitigations.
Alisa “Esage” Shevchenko is a self-taught offensive security researcher. She has been running her own company, Esage Lab, since 2009, and co-founded Neuron, a hackspace in Moscow. She has previously worked on reverse engineering, malware analysis, antivirus bypassing, penetration testing, cyber forensics, and black-box software and hardware security auditing. Her current research interest is the discovery and exploitation of 0-day binary vulnerabilities. Alisa has spoken at conferences such as RusCrypto 2009, RECon 2011, InfoSecurity 2012, and ZeroNights 2012, and has published her work in magazines such as InfoSecurity Russia, (IN)Secure, Hakin9, VirusBulletin, and No Bunkum.