Vulnerabilities discovery can be challenging for novice. In our talk, we will share the steps(and failure) we went through from beginner until finding 2 apple safari CVE (CVE-2019-8678,CVE-2019-8685)
In the first part of our talk, we will walkthrough some of the trick we used for target enumeration and corpus collection. Then ,we will share the steps we made to get the 2 CVE with public fuzzer. Lastly, we will go through the root cause analysis of these bugs and demonstrate how we do it for beginners.