All Your (Data)base Are Belong To Us | @spaceraccoon

Getting Started in Vulnerability Research with Code Execution Bugs in Office Applications

Modern office applications support a wide variety of file formats, some of which have been around for decades. Parsing and processing these formats can often lead to trouble. This talk will demonstrate how you can get started in software vulnerability research by walking you through my journey in discovering and exploiting zero-days in office applications. Along the way, we will explore simple approaches to vulnerability research such as fuzzing, source code review, and reverse-engineering. The talk is targeted at researchers who are curious about binary exploitation and assumes minimal background knowledge.