NSEC2023 - the moon and back: How we found and exploited a series of critical vulns in an RPC srv

NorthSec


We're always seeing vulnerability reports in the news, but how much do you know about finding and reporting these bugs? In this talk, we're going to look at a series of critical security vulnerabilities in an RPC service developed for mainframes, ported to modern operating systems, and used by most large companies. We'll cover the full process:

How we prepare the application for analysis
How we reverse engineer and implement the binary protocol
How the RPC service authenticates users, processes messages, and starts other services
How we can bypass user authentication
How we found / exploited a variety of vulnerabilities in the services (including making Metasploit modules)
How we reported all this to the vendor, and how we coordinated disclosure

Basically, this will be an end-to-end vulnerability research bonanza!
