Security Researcher, Google P0
Why I write my own security tooling and why you should too!
It's easy to be impatient when doing security research: you want bugs now! But where to start? Is there source code to review? Do you have binaries to disassemble? My opinion: start by writing some domain-specific tooling. There are many advantages to writing your own tooling for a research project. It'll help you better understand the technologies you're investigating, which in turn helps you find more interesting vulnerabilities.
In this presentation I'll discuss the many benefits of writing your own tooling, even if it delays that first, amazing find. I'll show examples of tools I've written to aid in my Windows research career and take a peek at some bugs I wouldn't have found without them. Finally, I'll make the case for why writing your own tools will make you a better researcher.
James is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years, looking at a range of different platforms and applications. With a great interest in logical vulnerabilities, he’s been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate. He’s also the author of the book “Attacking Network Protocols”, available from No Starch Press.