You're listening to the CyberWire Network, powered by N2K.

Today's episode is sponsored by SRM, your first call for cybersecurity and

investigations. Threats today are evolving faster than ever before and since 2005 SRM has pioneered

tailored security solutions for global corporations and their executives.

Whether it's defending against cyber attacks with their award-winning team of ethical hackers and incident response specialists,

or navigating the murky waters of compliance and ESG challenges,

SRMs, Insight and Straight straightforward advice will help you navigate complex risks

and emerge more resilient.

Their secret, a culture that nurtures the sharpest minds, giving them access to the newest technologies and the freedom

to solve problems in new ways, enabling them to craft simple effective solutions for your

unique cyber challenges.

Search your first call to discover how SRM can help your business. Hello everyone and welcome to the CyberWire's research Saturday.

I'm Dave Bitner and this is our weekly conversation with researchers and analysts tracking

down the threats and vulnerabilities,

solving some of the hard problems and protecting ourselves in a rapidly evolving cyberspace.

Thanks for joining us. We had actually all been in a training doing heap exploitation the week before this vulnerability was announced and so as soon as we saw a major heap vulnerability come up we all wanted to take a look and actually try to use what we had just learned

and write this exploit.

That's Ryan, a security researcher at Bishop Fox. He asks that we not use his full name. The research we're discussing today is

titled Building an Exploite for Fortigate Vulnerability, CBE 2023, 27997.

Yeah, the timing is everything, right?

Yeah, the timing is everything, right?

Yeah. Yeah. Well, let's walk through it together here. Can you can you take us through step by step? How did you and your colleagues approach this?

...