Leveraging CVEs as North Stars in vulnerability discovery and comprehension.
Created: 2020-12-15 Updated: 2023-09-27
CVE North Stars introduces a method to kickstart vulnerability research by taking advantage of the CVE information that is freely available (e.g., public blog posts, GitHub PoCs, the MITRE CVE database). A CVE provides a compass of sorts that orients and guides a researcher towards a deeper understanding of the patched vulnerability and its vulnerability class. The idea is to treat CVEs as North Stars in vulnerability discovery and comprehension.
Performing analysis of a CVE challenges the researcher to go one step past learning (what others already understand) and arrive at actual research (discovering something new). This tutorial walks through practical CVE analysis, binary patch diffing, and root cause analysis. While these vulnerability research techniques aren't new, this tutorial offers a concise collection of practical examples and ideas for leveraging CVEs to get started.
CVE analysis provides an opportunity to gain insight into the vulnerabilities, and the vulnerability classes, responsible for security issues in everyday software. Applying Patch Differential Analysis (Patch Diffing) to the relevant security update shows which code changed to fix a specific vulnerability. Finally, Root Cause Analysis determines whether a specific security patch was effective (did it fix the underlying flaw, or only the reported trigger?), and may hint that more vulnerabilities of the same class are waiting to be discovered.
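The core of patch diffing is correlating functions between the pre-patch and post-patch binaries and then comparing their bodies in a way that ignores the noise a rebuild introduces (relocated call targets, shifted immediates). The following is an added illustration of that idea, not the tutorial's own patch-diff-correlator script nor Ghidra code: it assumes function names are available for both builds (as they are for Windows binaries once symbols are loaded) and that disassembly has already been extracted into per-function instruction lists. The two "builds" below are constructed sample data; the patched `CopyRecord` gains a length check before its copy call, and `ParseHeader` is unchanged except for a relocated call address.

```python
import difflib
import re

# Addresses and immediates move between builds, so a raw text diff of the
# disassembly would flag every call and jump as a change. Collapse them first.
_IMM = re.compile(r"\b0x[0-9a-fA-F]+\b|\b\d+\b")


def normalize(instr: str) -> str:
    """Lower-case an instruction and replace immediates/addresses with IMM."""
    return _IMM.sub("IMM", instr.strip().lower())


def _hunks(a, b):
    """Return (added, removed) normalized instructions between two bodies."""
    added, removed = [], []
    sm = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag in ("replace", "delete"):
            removed.extend(a[i1:i2])
        if tag in ("replace", "insert"):
            added.extend(b[j1:j2])
    return added, removed


def correlate(old: dict, new: dict) -> dict:
    """Match functions by name across two builds and classify each one.

    old/new map function name -> list of disassembled instruction strings.
    Returns added/removed function names, unchanged functions (identical after
    normalization), and for changed functions a similarity ratio plus the
    instructions the patch inserted or deleted.
    """
    old_names, new_names = set(old), set(new)
    result = {
        "added": sorted(new_names - old_names),
        "removed": sorted(old_names - new_names),
        "changed": {},
        "unchanged": [],
    }
    for name in sorted(old_names & new_names):
        a = [normalize(i) for i in old[name]]
        b = [normalize(i) for i in new[name]]
        if a == b:
            result["unchanged"].append(name)
            continue
        ratio = difflib.SequenceMatcher(a=a, b=b, autojunk=False).ratio()
        added, removed = _hunks(a, b)
        result["changed"][name] = {
            "ratio": round(ratio, 3),
            "added": added,
            "removed": removed,
        }
    return result


# Constructed sample disassembly (hypothetical functions, not from any real binary).
OLD_BUILD = {
    "CopyRecord": [
        "push rbp", "mov rbp, rsp",
        "mov rdi, [rbp+0x10]", "mov rsi, [rbp+0x18]", "mov rdx, [rbp+0x20]",
        "call 0x140001000",              # memcpy with an unchecked length
        "pop rbp", "ret",
    ],
    "ParseHeader": ["push rbp", "mov rbp, rsp", "call 0x140002000", "pop rbp", "ret"],
    "OldHelper": ["ret"],
}
NEW_BUILD = {
    "CopyRecord": [
        "push rbp", "mov rbp, rsp",
        "mov rdi, [rbp+0x10]", "mov rsi, [rbp+0x18]", "mov rdx, [rbp+0x20]",
        "cmp rdx, 0x100", "ja 0x140001234",  # new bounds check before the copy
        "call 0x140001100",              # same callee, relocated by the rebuild
        "pop rbp", "ret",
    ],
    "ParseHeader": ["push rbp", "mov rbp, rsp", "call 0x140002200", "pop rbp", "ret"],
    "NewHelper": ["ret"],
}

if __name__ == "__main__":
    report = correlate(OLD_BUILD, NEW_BUILD)
    for name, info in report["changed"].items():
        print(f"{name}: similarity {info['ratio']}")
        for i in info["added"]:
            print(f"  + {i}")
        for i in info["removed"]:
            print(f"  - {i}")
    print("unchanged:", report["unchanged"])
    print("added:", report["added"], "removed:", report["removed"])
```

Without the normalization step, `ParseHeader` would show up as changed purely because its call target moved; with it, only `CopyRecord` is reported, and the inserted `cmp`/`ja` pair points straight at the bounds check the patch introduced, which is the starting point for the root cause analysis that follows.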
- Learn a practical method to focus on a set of CVEs and, through CVE analysis, discover and generalize a vulnerability class (CWE, Common Weakness Enumeration).
- Gain familiarity with the Microsoft Windows update process
- Improve reverse engineering skills and familiarity with freely available tools (Ghidra, symchk, patch-diff-correlator, etc.)
- Experience Patch Diffing With Ghidra
- Introduction to Root Cause Analysis
Cover photo by Faik Akmd from Pexels