Starting off a new stream series, we took a look at some VirtualBox CVEs, to get an idea of what an exploitable vulnerability might look like. The purpose of this is to do, on stream, the initial research that would go into finding determining where in a target to look for bugs.

In particular, we set up an environment to look at the source code, and looked at CVE-2018-2698 - one of Niklas B's old bugs - and CVE-2019-2526.