ZERO-DAY HUNTING | WEEK 1
Week 1
Purpose
Ever since I began learning about cybersecurity in 2022, there has always been one concept that has stood out ahead of the rest. A word that strikes fear into the hearts of any CISO, analyst, responder. A word that makes threat actors salivate at the mouth. The zero-day vulnerability.
A zero-day vulnerability is a vulnerability that is unknown to the vender of the application, software, system, etc. and there is no patch in place to fix it.
My goal of this project is to find my first zero-day and get a CVE under my name. By doing this, I will have given back to the community and proven to myself that I have what it takes to work in this field professionally.
I will be using open-source applications that I can run locally in order to tinker around freely. And for obvious reasons, I will not be disclosing any of the vulnerabilities I find until after the vendor has created a patch for it. I wouldn’t want those exploits to get into the wrong hands.
Plan
My attacker machine of choice will be Kali Linux. It is my first Linux operating system and the distribution I have come to know and love. A list of the tools I will have at my disposal can be found on my github.
- https://www.kali.org/
- https://github.com/c2dragon/Pentesting (Still a work in progress.)
I will use Docker to host application locally.
Each week I will move to a new application. If the application is robust, I may spend a maximum of 2 weeks before moving on.
For applications that I find vulnerabilities in, I will report it to the vendor, apply for a CVE, and wait to hear back. Afterwards, I will provide a walkthrough of the CVE and conclude this saga. If this challenge proves to be too easy, I may increase the number of CVEs I need to find to 5, 10, 20, etc.
For applications that I do not find any vulnerabilities, I will showcase my pentesting methodology against the application in this weekly blog.
Closing
Wish me luck. It might take me days, weeks, or months to complete this goal.
If nothing else, I hope I will have learned a few more tricks to put into my sleeve and that this journey will have made me a better security researcher.