VulnCatcher: Fun with Vtrace and Programmatic Debugging

Presented at DEF CON 16 (2008), Aug. 9, 2008, 4 p.m. (50 minutes)

Countless hours are spent researching vulnerabilities in proprietary and open source software for each bug found. Many indicators of potential vulnerabilities are visible both in the disassembly and debugging, if you know what to look for. How much can be automated? VulnCatcher illustrates the power of programmatic debugging using the VTRACE libraries for cross-platform debugging.

Presenters:

• Gavin Mead / atlas   as atlas
  atlas a disciple of the illustrious Skodo, has a history in programming, systems support, telecom, security, and reverse engineering. His introduction to the hard-core hacking world was through dc13's CTF Qualifiers. Captain of two-time CTF-winner "1@stplace" and individual winner of CTF-2005, atlas has released hacking tools and toolkits such as disass, atlasutils, and is co-maintainer of the python library for x86 disassembly: libdisassemble.

Links:

• https://defcon.org/html/defcon-16/dc-16-speakers.html#atlas
• https://infocon.org/cons/DEF CON/DEF CON 16/DEF CON 16 video/DEF CON 16 - Atlas - VulnCatcher - Video.mp4
• https://www.youtube.com/watch?v=8lm5iHF1KIQ

Similar Presentations:

• HushCon East 2023 / The Debugging Uncertainty Principle
• DEF CON 15 (2007) / Intelligent debugging for VulnDev
• ToorCon San Diego 12 (2010) / Programmatic Web Hacking