tags: pwn2own methodology learning_resource NET java deserialization
original link: Pwn2Own Stories
newsletter link: exploits.club Weekly Newsletter 41 - Exploit Dev Lifecycle, Binder Internals, UEFI Deep-Dive, and More


Exploits Club Summary:

A bit late to this one, but @bdmcbri’s Pwn2Own stories talk hit YouTube a few weeks back. The talk goes through some of the targets he has gone after, his successes, failures, and overall learnings. The talk shines for the way it emphasizes the usefulness of taking a simple approach and not being overly concerned about the myriad of unknowns associated with targeting something like a SCADA device for the first time. Along the way, the talk goes over a handful of Ben’s entries, ranging from .NET and Java deserialization bugs to crypto weaknesses. If you are interested in participating in Pwn2Own for the first time, this talk is there to get you on your way and show you the barrier to entry may be lower than you think.