Hunting for Bugs, Catching Dragons

Conference: BlackHat USA 2019



The presentation discusses vulnerability research on Outlook and Exchange and highlights the importance of email security. The speaker shares various exploits and bugs found in these systems.
  • Outlook and Exchange are vulnerable to various exploits and bugs
  • Email security is crucial in preventing attacks
  • Examples of past exploits include ILOVEYOU bugs, Flash exploits, and phone parser attacks
  • The speaker shares personal anecdotes and demos to illustrate the points

The speaker shares a personal anecdote about a submission by Jefe, who managed to embed a Flash exploit in an email and insert the Flash control to send it, ultimately showing codec section. This highlights the creativity and persistence of attackers in finding new ways to exploit vulnerabilities.


While browser and plugin exploits are frequent, it's less common to see exploits affecting targets without scripting capabilities. Are these worth attacking? How do we proceed? How do we identify valid entry points and bugs? This talk will cover some research done at Microsoft on Outlook and Exchange and discuss the results. Scary dragons will be spotted in this tour; hopefully you'll catch some too.



