The State of 0-Day in-the-Wild Exploitation

Note: Presentation times are in Pacific Standard Time (PST).

Tuesday, February 02, 2021 - 9:20 am9:50 am

Maddie Stone, Google Project Zero


0-day exploitation occurs when an attacker abuses a vulnerability that the defenders don't yet know about. This makes it very hard to protect against 0-day exploits and also makes 0-day vulnerabilities highly valuable. So how do we protect against the exploitation of unknown vulnerabilities? It starts with understanding everything we can about 0-day exploits.

Each time a 0-day exploit is detected in-the-wild, it's the failure case for attackers. Therefore as defenders, we should use these "failures" as an opportunity to learn as much as we can about the vulnerabilities targeted, the exploitation methods used, the techniques for discovering the vulnerabilities, and more. As a security and technical community, we can then use this data to prioritize what vulnerability research to undertake, gaps in our detection methods, exploit mitigations that will have the most return on mitigation, and overall, how to make it harder for attackers to exploit 0-days to harm users.

This talk synthesizes what we can learn from the 0-days that were exploited in-the-wild in 2020. For each of these 0-days, Project Zero performed a root cause analysis, which details the vulnerability exploited and the exploit methodology used. From these facts, we then developed ideas for better detections and systemic fixes, hypothesized on what methods the actors used to discover the vulnerability, and performed variant analysis. In this talk, we'll share what we've learned from these exploits used in 2020 and how to apply it in 2021 to make it that much harder.

Maddie Stone, Google Project Zero

Maddie Stone (@maddiestone) is a Security Researcher on Google Project Zero where she focuses on 0-days used in-the-wild. Previously, she was a reverse engineer and team lead on the Android Security team, focusing predominantly on pre-installed and off-Google Play malware. Maddie also spent many years deep in the circuitry and firmware of embedded devices. Maddie has previously spoken at conferences including Black Hat USA, REcon, OffensiveCon, KasperskySAS, and others. She holds a Bachelors of Science, with a double major in Computer Science and Russian, and a Masters of Science in Computer Science from Johns Hopkins University.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@conference {264118,
author = {Maddie Stone},
title = {The State of 0-Day {in-the-Wild} Exploitation},
year = {2021},
publisher = {USENIX Association},
month = feb

Presentation Video