Security Through Automated Binary Analysis

Presented at The Fifth HOPE (2004), July 9, 2004, 11 a.m. (60 minutes)

Automated binary analysis techniques have become sufficiently advanced that having the source to software is no longer a prerequisite for finding security flaws. The binary is equivalent to the source. And a patch is equivalent to a detailed description of a security flaw. This talk will cover the implications of the latest binary analysis technology and give an overview of some of the technology available.


Presenters:

  • Christien Rioux / DilDog as Dildog
    Serving as @stake's Lead Software Architect, DilDog came to @stake as a founder from L0pht Heavy Industries, a renowned security think-tank. While at @stake and L0pht, he developed the best-selling Windows password auditing tool LC3, and the AntiSniff product. He is also responsible for numerous security advisories in many applications, operating systems, and environments. He is a recognized authority in the areas of Windows product vulnerability assessment, application optimization, and program analysis. His current responsibilities include design and development of the SmartRisk Analyzer (SRA).
  • Chris Wysopal / Weld Pond as Weld Pond
    Weld Pond was one of the L0pht members who testified before the U.S. Senate under his pseudonym (and he wasn't even in the witness protection program). He was on the original L0phtCrack team and also wrote Netcat for Windows. Now he specializes in software security and automated vulnerability discovery tools.
