I recently spoke at Trà Đá Hacking #1 (http://trada.vnsecurity.net), organized by VNSec in HCMC on the topic of ‘How to Get Started in Finding 0-Days – A Use Case’. The short introductory talk was intended to introduce the topic of finding 0-days using a real-world scenario as an example.
The slides can be found here:
I have created a remote code/command execution exploit client for the talk, based on 2 vulnerabilities discovered last year. The exploit can be downloaded here:
A sample video of the exploit in action:
Update: After a long time, the guys at FRP finally released the fixed version: https://frpsupport.fogbugz.com/default.asp?W291