February 16, 2025 1 min to read

Offensive OSINT for Finding Software Vulnerabilities

Let's find some bugs

Finding Software Vulnerabilities

I’m sure you have heard of Zero Days. They are bugs that have not been found by anyone. Imagine finding one of these and reporting it as a CVE before a malicious hacker does? YOU WOULD SAVE THE PLANET . All materials are freely available at cyber-ducky.com, and will remain available after the workshop ends.

Learning Objectives

• Learn how to analyze code from open source projects for common bugs.
• Learn how to look for potential vulnerabilities in documentation and developer forums.
• Learn how to do Software Composition Analysis.
• Learn how to leverage vulnerability databases for finding other issues.

Detailed Outline

We will demonstrate each of these topics briefly, and answer  any questions individually as needed. All the materials will remain available after the workshop to anyone who wants to use them. For this workshop, I will demonstrate real world examples of myself going through the process of finding vulnerabilities.

Source Code Mining

1. GitHub repository analysis
2. Static Application Security Testing (SAST)
3. Dynamic Application Security Testing (DAST)
4.  Advanced search operators
5.  Finding hard coded credentials
6.  Commit history analysis
7.  Issue tracking examination

 Documentation Analysis

1.  API documentation review
2. Technical specifications
3. Developer forums
4. Stack Overflow discussions
5. Release notes/changelogs

Version Analysis

1. Version Detection
2. Dependency Tracking
3. Software composition analysis
4. Dependency tree analysis
5. Version comparison tools

Public Vulnerability Research

1. CVE Database Investigation
2. NVD search techniques
3. MITRE CVE analysis
4. Exploit-DB correlation
5. Bug bounty program reports

Practical Exercises

Exercise 1: Code Analysis on an Open Source Project

1. Source Code Mining
2. GitHub repository analysis
3. Advanced search operators
4. Finding hard coded credentials
5. Commit history analysis

Exercise 2: Version Mining

1. Select an open-source project
2. Map its dependencies
3. Cross-reference with CVE databases
4. Document potential vulnerabilities

Exercise 3: Documentation Analysis

1. Review public API docs
2. Identify security implications
3. Map potential attack surfaces