While browser and plugin exploits are frequent, it's less common to see exploits affecting targets without scripting capabilities. Are these worth attacking? How do we proceed? How do we identify valid entry points and bugs? This talk will cover some research done at Microsoft on Outlook and Exchange and discuss the results. Scary dragons will be spotted in this tour, hopefully you'll catch some too.
Nicolas Joly is a security engineer at the MSRC in the UK. He has more than 10 years of experience at reverse engineering and vulnerability discovery, and is now focused on finding and exploiting bugs at Microsoft. Prior to this, he used to hunt bugs for bounties and won several times pwn2own with Vupen Security.