Link Search Menu Expand Document (external link)

CVE North Stars

Leveraging CVEs as North Stars in vulnerability discovery and comprehension.

pexels-faik-akmd-1025469 Photo by Faik Akmd from Pexels

Created: 2020-12-15 Updated: 2022-09-08

Follow @clearbluejar View CNS on GitHub

Overview

CVE North Stars introduces a method to kickstart vulnerability research by taking advantage of the CVE information freely available (ie public blog posts, Github POCs, CVE Mitre database, etc). A CVE provides a compass of sorts that orients and guides a researcher towards a deeper understanding of the patched vulnerability and its vulnerability class. The idea is to treat CVEs as North Stars in vulnerability discovery and comprehension.

Performing analysis of a CVE challenges the researcher to go one step past learning (what others understand) and arrive in a place of actual research (discovering something new). This short tutorial walks through practical CVE analysis, binary patch diffing, and root cause analysis. While these techniques for vulnerability research aren’t new, this tutorial offers concise collection of practical examples and ideas for leveraging CVEs to get started.

CVE analysis provides an opportunity to gain more insight into vulnerabilities and the vulnerability classes responsible for the security issues within everyday software. Applying Patch Differential Analysis (Patch Diffing) to the relevant security updates will provide clarity into what changes were made to fix a specific vulnerability. Finally, Root Cause Analysis will determine whether a specific security patch was effective, and may hint that there are more vulnerabilities ready to be discovered.

Along the way, this tutorial analyzes several Windows Print Spooler CVEs that clearly demonstrate the need for understanding the root cause of vulnerabilities when attempting to patch them.

Key Objectives

Get started