Skip to main content

Writing Exploits When No One Else Has

Jacob Baines
CTO, VulnCheck

The VulnCheck Initial Access Intelligence team writes exploits that often target systems no one else is talking about. Sometimes it is because the system is new or obscure, and other times there is no public research or available proof-of-concept to rely on. Whether we are dealing with a zero-day vulnerability, an undocumented protocol, or hardware with little community documentation, we often find ourselves starting from nothing but raw binaries and observed system behavior.

In this talk, we will walk through a few real-world exploits developed by our team, focusing on how they were discovered, how we approached building reliable exploitation techniques, and why they matter in the broader security landscape. Each case study will highlight a unique challenge—whether it be reverse engineering undocumented firmware, targeting unusual processor architectures, or crafting dependable payload delivery mechanisms in environments lacking common tooling. We will openly share what worked, what failed, and what defenders and other researchers can learn from our methods and insights.

This talk is designed for reverse engineers, vulnerability researchers, detection engineers, and anyone interested in understanding what it truly takes to build working initial access exploits when no public guidance or writeups exist. If you want a behind-the-scenes look at how real offensive capability is built from the ground up, this session will deliver.

Cookie Consent

We use cookies to improve your experience and for analytics.
Privacy Preferences
I use cookies to ensure the basic functionalities of the website and to enhance your online experience. You can choose for each category to opt-in/out whenever you want. For more details relative to cookies and other sensitive data, please read the full privacy policy.
Essential cookies
Required
Marketing cookies
Analytics cookies
Personalization cookies