how to find zero day vulnerabilities
TRANSCRIPT
![Page 1: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/1.jpg)
How to find Zero Day Vulnerabilities
![Page 2: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/2.jpg)
Meet ...
Imran & Raghu
![Page 3: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/3.jpg)
They work as ...
Web application security engineers
![Page 4: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/4.jpg)
They train people in ...
![Page 5: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/5.jpg)
They also contribute to...
Null Open Security Community
![Page 6: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/6.jpg)
And to ...
Open Web Application Security Project
![Page 7: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/7.jpg)
OK, let's start
![Page 8: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/8.jpg)
Before we do that ..
![Page 9: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/9.jpg)
The following presentation can cause severe exposure to high octane gyan
(knowledge) and could leave participants exhausted with wild ideas
![Page 10: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/10.jpg)
Also, you may end up in ...
![Page 11: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/11.jpg)
![Page 12: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/12.jpg)
With lots of ...
![Page 13: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/13.jpg)
![Page 14: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/14.jpg)
and
![Page 15: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/15.jpg)
![Page 16: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/16.jpg)
And of course, Knowledge ...
![Page 17: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/17.jpg)
OK, let's begin
![Page 18: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/18.jpg)
What is Zero day?
Zero-day attacks occur during the vulnerability window that exists in the time between when a vulnerability is first exploited and when software developers start to develop a counter to that threat.
Source: Wikipedia
![Page 19: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/19.jpg)
Vulnerabilities in famous applications
![Page 20: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/20.jpg)
Vulns in Drupal
![Page 21: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/21.jpg)
Vulns in Wordpress
![Page 22: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/22.jpg)
Vulns in Joomla
![Page 23: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/23.jpg)
How it's generally done?
Source code Auditing
Fuzzing
Target: 0 day vulnerability
![Page 24: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/24.jpg)
Methodology
![Page 25: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/25.jpg)
Know your enemy
![Page 26: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/26.jpg)
Set up the Attacking environment
![Page 27: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/27.jpg)
Study the architecture
![Page 28: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/28.jpg)
Source Code Auditing
![Page 29: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/29.jpg)
Requirements
![Page 30: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/30.jpg)
Lots and lots of patience
![Page 31: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/31.jpg)
Attitude of
![Page 32: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/32.jpg)
Notebook and Pen ;)
![Page 33: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/33.jpg)
Source code Auditing
* Analyze the entry points
* Identify vulnerable Functions
* Analyze Input Validations
* Cross check the findings
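The four audit steps above, sketched as a small line-based checker for PHP source. This is an added example, not code from the slides or from RIPS; the sample PHP, the source/sink/sanitizer lists and the `audit` function are constructed for illustration, and every hit still needs the manual cross-check of the last step.

```python
import re

# Constructed PHP sample for this example (not from the slides).
SAMPLE_PHP = r'''<?php
$host = $_GET['host'];
$count = intval($_POST['count']);
$safe = escapeshellarg($_GET['file']);
exec("ping -c 1 " . $host, $out);
system("head -n " . $count . " /var/log/app.log");
passthru("cat " . $safe);
echo shell_exec("uptime");
mysql_query("SELECT * FROM users WHERE id=" . $_REQUEST['id']);
'''

# Illustrative lists only; a real audit extends them for the application under review.
SOURCES = re.compile(r'\$_(GET|POST|REQUEST|COOKIE|FILES|SERVER)\b')
SINKS = re.compile(r'\b(exec|system|passthru|shell_exec|popen|eval|mysql_query)\s*\(')
SANITIZERS = re.compile(
    r'\b(intval|escapeshellarg|escapeshellcmd|mysql_real_escape_string)\s*\(')
ASSIGN = re.compile(r'^\s*(\$\w+)\s*=\s*(.+);')
VAR = re.compile(r'\$\w+')

def audit(php_source):
    """Return (line, sink, tainted input) for sink calls fed by request data."""
    tainted, findings = set(), []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        # Entry points and input validation: a variable assigned from request
        # data stays tainted unless the assignment passes through a sanitizer.
        m = ASSIGN.match(line)
        if m:
            var, rhs = m.groups()
            from_input = SOURCES.search(rhs) or any(
                v in tainted for v in VAR.findall(rhs))
            if from_input and not SANITIZERS.search(rhs):
                tainted.add(var)
            else:
                tainted.discard(var)
        # Vulnerable functions: a sink that receives request data directly
        # or through a tainted variable, with no sanitizer on the same line.
        sink = SINKS.search(line)
        if sink and not SANITIZERS.search(line):
            direct = SOURCES.search(line)
            via = [v for v in VAR.findall(line) if v in tainted]
            if direct or via:
                findings.append(
                    (lineno, sink.group(1), direct.group(0) if direct else via[0]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PHP):
        print("line %d: %s() receives %s" % finding)
```

The checker works one line at a time, so multi-line statements and sanitizers applied in helper functions are outside what it can see.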
![Page 34: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/34.jpg)
The entry points
![Page 35: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/35.jpg)
More ...
![Page 36: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/36.jpg)
Few more ...
![Page 37: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/37.jpg)
Exec call
![Page 38: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/38.jpg)
RIPS output
![Page 39: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/39.jpg)
![Page 40: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/40.jpg)
What is Fuzzing?
Fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Fuzzing is commonly used to test for security problems in software or computer systems.
![Page 41: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/41.jpg)
What exactly is it?
1. No Rules for fuzzing
2. No guarantee for fuzzing
![Page 42: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/42.jpg)
Fuzzing Methods
1. Sending random data
2. Manual protocol mutation
3. Bruteforce testing
4. Automatic protocol generation testing
![Page 43: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/43.jpg)
Fuzzing life cycle
1. To find bug
2. To find 0 day/write exploit
3. Fuzzer death
![Page 44: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/44.jpg)
Fuzzing process
1. Identify target
2. Identify inputs
3. Generate fuzz data
4. Execute fuzz data
5. Monitor for exceptions
6. Determine exploitability
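The six-step process above as a minimal in-process harness. This is an added example, not from the slides: `parse_record`, its record format and its two defects are constructed for illustration, the generator uses deterministic boundary values and truncations rather than random data, and step 6 is limited to bucketing crashes and keeping one reproducer per bucket for later analysis.

```python
class RecordError(Exception):
    """Expected, handled rejection of malformed input (not a crash)."""

def parse_record(data: bytes):
    # Step 1, the target (constructed): 1-byte length, ASCII name, 1 flag byte.
    if len(data) < 2:
        raise RecordError("record too short")
    length = data[0]
    # Defect: non-ASCII bytes raise an unhandled UnicodeDecodeError.
    name = data[1:1 + length].decode("ascii")
    # Defect: the length byte is trusted, so a wrong value raises IndexError.
    flags = data[1 + length]
    return name, flags

# Step 2, the input: a valid record the target accepts.
SEED = b"\x04user\x01"

def generate(seed: bytes):
    # Step 3: boundary values at every byte position, then every truncation.
    for pos in range(len(seed)):
        for value in (0x00, 0x7F, 0x80, 0xFF):
            yield seed[:pos] + bytes([value]) + seed[pos + 1:]
    for cut in range(len(seed)):
        yield seed[:cut]

def fuzz(target, seed):
    stats = {"ok": 0, "rejected": 0}
    crashes = {}
    for case in generate(seed):
        try:
            target(case)                      # Step 4: execute the fuzz data
            stats["ok"] += 1
        except RecordError:
            stats["rejected"] += 1            # handled error, working as designed
        except Exception as exc:              # Step 5: monitor for exceptions
            # Step 6 (triage only): one bucket per exception type, first
            # failing input kept as the reproducer.
            bucket = crashes.setdefault(
                type(exc).__name__, {"count": 0, "first": case})
            bucket["count"] += 1
    return stats, crashes

if __name__ == "__main__":
    stats, crashes = fuzz(parse_record, SEED)
    print(stats)
    for name, info in crashes.items():
        print(name, info["count"], info["first"])
```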
![Page 45: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/45.jpg)
Fuzzing Payloads
* Find the entry points
* SQL Injection
* XSS
* CSRF
* Command Injection
* Click Jacking with Drag and drop
![Page 46: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/46.jpg)
JBroFuzz
![Page 47: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/47.jpg)
Tools for Source code auditing
The mighty grep
RIPS
RATS
![Page 48: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/48.jpg)
Tools for Fuzzing
JBroFuzz
Burp Suite
WebScarab
![Page 49: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/49.jpg)
Further Reading
[1]. OWASP Testing Guide
[2]. OWASP Development Guide
[3]. OWASP.org
![Page 50: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/50.jpg)
So you know now
* what is a zero day?
* what is the methodology used?
* Information gathering of the application or product
* Discovered or previous vulnerabilities of product
* Study the architecture of product
![Page 51: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/51.jpg)
* Identify the input points
* Source code review
* Source code review (one demo) demo of RIPS and grep
* Fuzzing
* Fuzzing (one demo) demo of JBroFuzz
* Tools used for code review and Fuzzing
![Page 52: How to find Zero day vulnerabilities](https://reader034.vdocuments.net/reader034/viewer/2022042716/55a5f3db1a28abf13d8b47c3/html5/thumbnails/52.jpg)
Questions ?