Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

A 'Zero Day' references a previously unknown vulnerability. The term 'Zero Day' typically references to something in a really popular product such as Nginx, Chrome or the iPhone.

This talk goes into the process and expectations when attempting to hunt for Zero Days in the wild. They squash many misconceptions and give lots of helpful tips. I will list what stood out to me below...

Fuzzing - Shoot for about 60% code coverage. The real vulnerabilities come out of those last few percentage points of coverage. If you found a bug in 5 minutes, it is likely that someone else found it in 4.

Source code analysis - Can find much deeper bugs with added complexity, as opposed to fuzzing. However, this requires a very deep understanding of the code base as a whole.

Choose a section of the code base to attack. If something has 3 million lines of code this can feel overwhelming. By thinking about what sections are hard to implement and previously have had bugs you will find a good target. Depth vs breadth.

Find where the user input goes. This is what you control; this will likely lead you to the vulnerable sections.

Setup dynamic analysis. This will give you the ability to easily debug what is happening and figure out where the bug actually is. If you do not understand something, hook it up to a dynamic debugger to see how it works in action.

How to get into this? CTF's can be helpful but can be focused on very esoteric pieces of knowledge. So, the second speaker recommends diving into exploits on the same platform that you are attacking. Walk through them, write them yourself and do as much recon as possible.

Success hides behind "what is the dumbest thing that could possibly work?" Do not over complicate things.