"Watching over the shoulder of a professional": Why hackers make mistakes and how they fix them
Irina Ford, Ananta Soneji, Faris Bugra Kokulu, Jayakrishna Vadayath, Zion Leonahenahe Basque, Gaurav Vipat
IEEE Symposium on Security and Privacy 2024 · Day 1 · Continental Ballroom 5
This talk, presented by Irina Ford and her colleagues from Arizona State University, examines an often-overlooked aspect of vulnerability research and exploitation: human error. Titled "Watching over the shoulder of a professional," the research analyzes the mistakes skilled hackers make during **Capture the Flag (CTF)-style binary exploitation challenges**, focusing specifically on **memory corruption vulnerabilities**. The core premise is that, despite significant advances in automation, vulnerability exploitation remains a highly manual, time-consuming, and inherently error-prone process.
AI review
This research provides a data-driven, systematic analysis of human error in binary exploitation, leveraging CTF videos to quantify hacker mistakes. The "Mistake Anatomy Framework" and detailed categorization of errors offer invaluable insights for improving exploit development efficiency and informing defensive strategies. It's a solid empirical study that brings necessary rigor to understanding the human element in offensive security.