This webcast is a bit off the normal track for us. This recording was made live at a conference a few months back. (Sorry that the first few minutes have the screen capture software in view. Be patient, it goes away before we get to anything really good!) In the recording, David Hoelzer walks through a demonstration of the various phases that a security researcher (or hacker) would go through to discovery a vulnerability, build a proof of concept and finally create a working exploit.

A major take-away from this demonstration is how quickly this can be done. The actual demonstration takes only 60 minutes from beginning to end and that's with all of the talking and explaining. This exploit could, after being discovered, have a working POC exploit and Metasploit module written in about 15 minutes.

I've had people say, "Well, sure, there's a flaw, but it would be really hard to exploit it." Guess what.. In many cases they're just plain wrong!