2

As a developer of multiple standalone apps (web/native apps), I am wondering what things I should keep in mind and what the typical approaches of a blackhat are (besides those of the script kiddies checking for SQL injection etc.) to identify such vulnerabilities.

During my web research I only found very broad information and no detail on how a blackhat actually finds a zero day vulnerability.

Regardless of network/phishing/social engineering vulnerabilities.

I'd like to know what is the approach to find a zero day exploit/vulnerability and how can I, as a developer, make my software more consistent?

Johnny
0x2E5
  • Seems like you are asking generally about: 1) exploiting software; 2) building secure software. On these topics, I like Gary McGraw's textbooks. For example: 1) "Exploiting Software: How to Break Code"; 2) "Software Security: Building Security In." He has other books as well, e.g., regarding online games, etc. – hft May 10 '18 at 02:31
  • @hft this is not the essence of my question, but it also covers it somehow. I'd like to know the approaches *blackhats* are using to find such 0day exploits; imho I think I can prevent attacks way better than by just writing *"safe"* code – 0x2E5 May 10 '18 at 02:36
  • Blackhats often look for APIs that parse complex data or which deal with privileged actions, etc. and then either read the source code or disassembly for that component, or fuzz it. – forest May 10 '18 at 08:00
  • Typically, reverse engineering the binary and performing static analysis, checking for the use of vulnerable functions or just poorly-implemented logic. Fuzz testing and dynamic analysis tend to come next. – Henry F Oct 15 '18 at 02:26

2 Answers

1

I'd like to know what is the approach to find a zero day exploit/vulnerability and how can I, as a developer, make my software more consistent?

Learn and understand fuzzing techniques if your goal is to develop your skills in finding zero day vulnerabilities in your software (and other software).

From Wikipedia:

Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. – https://en.wikipedia.org/wiki/Fuzzing

Metasploit Unleashed created an excellent starter tutorial on Fuzzing: Writing a Simple Fuzzer

Google Project Zero is known to conduct Fuzzing at scale (Maybe the entire Internet?) Learn more about their fuzzing approach here: Google Fuzzing at Scale

Remember to have fun, be safe, and always practice responsible disclosure.

guerilla7
0

Google's Project Zero published some information on this subject. If you look at slide 15, their research breaks down how vulnerabilities are found: manually (54.2%), fuzzing (37.2%), and using other techniques/tools (8.6%). This simple breakdown is a good guide to how one should focus their efforts: start reading the code to find a good fuzz target; then, build a fuzz harness and start fuzzing. Now, continue reading the code to build your understanding more, identify more fuzz targets, and potentially find an interesting bug or two.