Hunting for Zero Days in Large Applications - by Donavan Cheah скачать в хорошем качестве

Hunting for Zero Days in Large Applications - by Donavan Cheah

Speaker: Donavan Cheah, Senior Cybersecurity Consultant Zero-day vulnerabilities pose significant risks, yet the process of discovering them often seems elusive and complex. In this talk, I will share real-world insights from my experience hunting zero-days across large-scale applications, where I successfully identified over 60 critical vulnerabilities. The session will enable attendees to complete the lifecycle of zero-day hunting, from selecting the right targets and identifying potential attack surfaces to employing advanced fuzzing techniques for uncovering vulnerabilities. We’ll discuss practical strategies, challenges, and methodologies of the discovery process, focusing on efficiency and precision. Outcome from the talk : Identifying high-value targets in complex systems. Mapping and analyzing attack surfaces effectively. Leveraging fuzzing tools and techniques to uncover vulnerabilities. Navigating the reporting process and working with vendors for responsible disclosure. For more information about Infosec In the City, SINCON https://www.infosec-city.com/