Darknet Diaries

57: MS08-067

14 snips
Jan 21, 2020
John Lambert, a security expert at Microsoft, discusses the intense internal processes behind discovering major vulnerabilities in Windows. He shares insights into the MS08-067 exploit and how it fueled the Conficker crisis. Lambert explains the complexities of Patch Tuesday and the urgent response required to address critical risks. He also sheds light on the proactive measures taken by the Trustworthy Computing Group to enhance customer trust and the challenges of analyzing error logs to prevent future attacks. It's a captivating look into the world of cybersecurity!
INSIGHT

Crash Dumps for Security

  • John Lambert realized that attack data might exist in Windows Error Reporting (WER) crash dumps.
  • This sparked his investigation into using WER data for security purposes.

ANECDOTE

Hunting Zero-Days

  • John Lambert searched WER logs for hacker activity, focusing on specific apps and code paths.
  • Exploits often target predictable entry points, narrowing the search.

ANECDOTE

A Strange Crash Report

  • John Lambert discovered a unique crash report with exploit code, an “egg hunt,” and a patched DLL.
  • This combination suggested a new, unknown vulnerability.