ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically

Presented at DEF CON 18 (2010), Aug. 1, 2010, 4 p.m. (50 minutes)

This talk presents a new method to speed up the binary diffing process. Most of the time spent analyzing a security patch goes into finding the patched parts of the binary. In some cases one patch contains multiple fixes and feature updates; such mixed patches make the analysis difficult and time consuming. That's where our new security patch recognition technology kicks in. We're presenting general signature-based security patch recognition, and also a method that combines it with static taint analysis. With both methods implemented, we are presenting the new DarunGrim 3 at this year's DEF CON. It'll be a must-have tool for security researchers who are looking for free 1-day exploits.
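The core of the problem the abstract describes, separating a security fix from unrelated feature changes inside one vendor patch, can be illustrated with a small function-level diff. The following is an added example written for this page, not DarunGrim's code: it takes two constructed, already-normalized "disassembly" listings (addresses and immediates replaced by placeholders such as `ADDR` and `IMM`, as a signature scheme would do), diffs each function with `difflib`, and applies one hypothetical signature rule, "a new compare immediately followed by a conditional jump", to rank changes that look like an added bounds or length check above ordinary feature changes. The function names, instruction sequences and the signature rule are all assumptions made up for the demonstration.

```python
"""Toy signature-based patch triage (constructed example, not DarunGrim's code).

Given two function-level listings of the same binary before and after a patch,
find which functions changed and flag the ones whose added instructions match a
simple "bounds-check added" signature, so an analyst looks there first.
"""
import difflib

# Constructed sample listings: function name -> normalized instruction list.
# Operands that vary between builds are already replaced by placeholders
# (ADDR, IMM, ARG) to mimic the normalization a signature scheme performs.
OLD_BINARY = {
    "parse_header": ["push ebp", "mov ebp, esp", "mov eax, [ebp+ARG]",
                     "mov ecx, [ebp+ARG]", "rep movsb", "pop ebp", "ret"],
    "log_message": ["push ebp", "mov ebp, esp", "call ADDR", "pop ebp", "ret"],
    "render_banner": ["push ebp", "mov ebp, esp", "mov eax, IMM", "pop ebp", "ret"],
    "checksum": ["xor eax, eax", "add eax, [ecx]", "ret"],
}
NEW_BINARY = {
    # A length check was inserted before the copy (the security fix).
    "parse_header": ["push ebp", "mov ebp, esp", "mov eax, [ebp+ARG]",
                     "mov ecx, [ebp+ARG]", "cmp ecx, IMM", "ja ADDR",
                     "rep movsb", "pop ebp", "ret"],
    "log_message": ["push ebp", "mov ebp, esp", "call ADDR", "pop ebp", "ret"],
    # An extra call was added (an unrelated feature change).
    "render_banner": ["push ebp", "mov ebp, esp", "mov eax, IMM", "call ADDR",
                      "pop ebp", "ret"],
    "checksum": ["xor eax, eax", "add eax, [ecx]", "ret"],
}

CONDITIONAL_JUMPS = {"ja", "jae", "jb", "jbe", "jg", "jge", "jl", "jle", "je", "jne"}


def instruction_delta(old, new):
    """Return (added, removed) instructions between two normalized listings."""
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    added, removed = [], []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "insert"):
            added.extend(new[j1:j2])
        if tag in ("replace", "delete"):
            removed.extend(old[i1:i2])
    return added, removed


def security_signature(added):
    """Hypothetical signature: a new cmp/test directly followed by a conditional jump.

    This is the shape an added bounds or length check typically has; it is only
    one illustrative rule, not a complete signature set.
    """
    for first, second in zip(added, added[1:]):
        mnemonic_first = first.split()[0]
        mnemonic_second = second.split()[0]
        if mnemonic_first in ("cmp", "test") and mnemonic_second in CONDITIONAL_JUMPS:
            return "added compare+conditional jump"
    return None


def triage(old_binary, new_binary):
    """Diff every function and rank security-looking changes first."""
    results = []
    for name in sorted(set(old_binary) | set(new_binary)):
        old = old_binary.get(name)
        new = new_binary.get(name)
        if old is None or new is None:
            # Whole function added or removed: report it, no instruction-level signature.
            results.append({"function": name, "added": new or [], "removed": old or [],
                            "signature": "function added" if old is None else "function removed"})
            continue
        added, removed = instruction_delta(old, new)
        if not added and not removed:
            continue  # unchanged function, the common case in a real patch
        results.append({"function": name, "added": added, "removed": removed,
                        "signature": security_signature(added)})
    # Security-looking changes first, then everything else alphabetically.
    results.sort(key=lambda r: (r["signature"] is None, r["function"]))
    return results


if __name__ == "__main__":
    for entry in triage(OLD_BINARY, NEW_BINARY):
        print(f"{entry['function']:15} signature={entry['signature']!r} "
              f"added={entry['added']} removed={entry['removed']}")
```

Running it lists only the two changed functions, with `parse_header` ranked first because its added instructions match the compare-then-jump rule, while `render_banner` shows up as a changed function with no security signature. Real patch triage on stripped binaries additionally needs function matching across builds (by structural fingerprints rather than names) and a much richer signature set, which is what the talk's static taint analysis component is meant to supply.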


Presenters:

  • Jeongwook Oh - Sr. Security Researcher, WebSense Inc.
    Jeongwook Oh started his career as a firewall developer back in the mid 90s. After that he spent a few years doing security audits and penetration testing. Finally, he moved to California, joined the eEye crew and did some IPS work, which involved both userland and kernel-land hacking. Now he's working for WebSense Inc., where he's doing research related to malware and exploit detection.
