|
|
|
|
|
|
by tuxxy
2951 days ago
|
|
|
I like to use GitHub to find vulnerabilities. I mostly do cryptographic engineering, so when hunting for issues, I search for things that are usually problematic. For example, searching for something like "XOR encrypt" and you might find someone doing something they shouldn't. You can also try to find problematic implementations of standards by searching for those standards and trying to find comments or similar code. You might find some interesting stuff by searching "ECIES" or "NIST SP 800". If your goal is to begin research, typically you'd find a problem, exploit technique, or vulnerability class that interests you. Then you start looking for places where you might be able to see how people defend against it (if at all). This is when you start finding issues pretty quick since you develop some sort of custom heuristics on code you examine. Best tip from me would be to get to know some standards and see if they are being implemented correctly. |
|
|