Revisiting past CVEs can be a useful tool for finding patterns, to increase our critical thinking, gain knowledge in techniques that have been previously used, and to increase our skills to eventually be able to contribute to the wider security community. In addition, when a known exploit currently exists for a CVE, and our experiments yield different results from the known exploit, we must practice our critical thinking skills to determine the discrepancies, and to determine if any unstated assumptions exist. The following talk outlines the motivation for revisiting past CVEs, and some strategies for developing our vulnerability hunting and exploit creation skills, in the context of CVE-2013-5576.
Sandra Escandor-O’Keefe (@s3scand0r) has been working in the tech industry for almost 7 years–5 years as a Software Developer, and close to two years as a Security Engineer, currently at Fastly. She enjoys learning about vulnerability scanning techniques, cryptography, and cloud security.