1. What is bug hunting? -- the process of finding bugs in software/hardware. security related bugs are called security vulnerablities, the programs that take advantage of them are called exploits.
2. Why hunting security bugs? -- Mostly for profits.
3. Techniques: static analysis and dynamic analysis
static analysis -- examining source code or disassembly of a binary but don't execute it.
dynamic analysis -- debugging the code while it is executing
入手点: Identify where user-influenced input enter into the software
Find potential vulnerable code locations (such as strcpy, strcat) and trace backward
Fuzzing
4. Goal: gain control of program counter (EIP), when you achieve control over EIP, you controls the execution of the software, and there are many ways to turn it into a fully working, weaponized exploits.