This helped to simplify my fuzzing templates rather than dealing with nested file containers and reduced the amount of complexity when conducting root cause analysis. I needed to select a file format that was not simply a ZIP file in disguise, (e.g. However, not all file formats are created equal. Overall, it is a good way to get started in vulnerability research.
Lastly, file format fuzzing tends to be much simpler to set up than protocol fuzzing. Furthermore, common file formats are well-documented by Request for Comments (RFCs) or open-source code, reducing the amount of effort required to reverse-engineer the format. Firstly, as a beginner, I lacked the experience to quickly identify unique attack vectors in individual applications, whereas file format parsing tends to be a common entrypoint among many applications.
There are two main advantages to this approach. One piece of advice I received early in the vulnerability research journey was to focus on a file format, not a specific piece of software. In part two, I will disclose additional vulnerabilities that I discovered via coverage-guided fuzzing - including CVE-2021–38646: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability. I will also discuss some management aspects of vulnerability research such as CVE assignment and responsible disclosure. I will outline my approach to getting started in vulnerability research including dumb fuzzing, coverage-guided fuzzing, reverse engineering, and source code review. This two-part series will share how I got started in vulnerability research by discovering and exploiting code execution zero-days in office applications used by hundreds of millions of people. Coming from a background in primarily web and application security, I had to shift my hacking mindset towards memory corruption vulnerabilities and local attack vectors. Venturing out into the wilderness of vulnerability research can be a daunting task. All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021–33035) Introduction
0 kommentar(er)
