Presented at BSidesLV 2019, Aug. 6, 2019, 3 p.m. (55 minutes).
Imagine yourself looking through a myriad of crash dumps trying to find that one exploitable bug that has escaped you for days!
And if that wasn't difficult enough, the defenders know that they can make us chase ghosts and red herrings, making our lives waaaay more difficult (Chaff Bugs: Deterring Attackers by Making Software Buggier, https://arxiv.org/pdf/1808.00659.pdf).
Offensive research is a great field to apply Machine Learning (ML), where pattern matching and insight are often needed at scale. We can leverage ML to accelerate the work of the offensive researcher looking for fuzzing->crashes->exploit chains.
Current techniques are built using sets of heuristics. We hypothesized that we can train an ML system to do as well as these heuristics, faster and more accurately.
Machine Learning is not the panacea for every problem, but an exploitable crash has multiple data points (features) that can help us determine its exploitability. The presence of certain primitives on the call stack, or the output of libraries and compile-time options such as libdislocator and AddressSanitizer, among others, can be indicators of "exploitability", offering us a path to a greater, more generalized insight.
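The abstract lists the kind of signals a classifier would consume: the sanitizer's error class, whether the faulting access was a read or a write, and which functions sit on the crashing call stack. The following is an added example, not code from the talk or its presenters, of turning an AddressSanitizer report into a flat feature vector of exactly those signals; a transparent rule-based score stands in for the trained model, and its weights, the set of "primitive" function names and both report strings are constructed for illustration.

```python
"""Feature extraction from AddressSanitizer reports for ML-assisted crash triage.

Added example (not from the talk or its presenters). Each report below is
constructed for illustration and was not captured from any real program.
"""
import re
from dataclasses import dataclass

HEAP_OVERFLOW_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018 at pc 0x55d0c0 bp 0x7ffd sp 0x7ffd
WRITE of size 8 at 0x602000000018 thread T0
    #0 0x55d0c0 in memcpy /src/asan_interceptors.cpp:22
    #1 0x55d0f1 in parse_header /src/parser.c:88
    #2 0x55d2a3 in main /src/main.c:40
0x602000000018 is located 0 bytes to the right of 24-byte region [0x602000000000,0x602000000018)
allocated by thread T0 here:
    #0 0x4f0a2d in malloc
    #1 0x55d0aa in parse_header /src/parser.c:80
"""

NULL_READ_REPORT = """\
==4243==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x55d3b0 bp 0x7ffd sp 0x7ffd T0)
==4243==The signal is caused by a READ memory access.
    #0 0x55d3b0 in lookup_entry /src/table.c:17
    #1 0x55d2a3 in main /src/main.c:52
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[\w-]+) on (?:unknown )?address (?P<addr>0x[0-9a-f]+)")
SIZED_ACCESS_RE = re.compile(r"^(?P<access>READ|WRITE) of size (?P<size>\d+)", re.M)
SEGV_ACCESS_RE = re.compile(r"caused by a (?P<access>READ|WRITE) memory access")
FRAME_RE = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ in (?P<func>\S+)")

ERROR_KINDS = ["heap-buffer-overflow", "stack-buffer-overflow", "global-buffer-overflow",
               "heap-use-after-free", "double-free", "SEGV"]
# Assumed set of memory/string primitives whose presence on the crashing stack is a feature.
PRIMITIVE_FUNCS = {"memcpy", "memmove", "strcpy", "strncpy", "strcat", "sprintf", "free"}
# Assumed: error classes the heuristic treats as more severe than a plain fault.
SEVERE_KINDS = {"heap-buffer-overflow", "stack-buffer-overflow", "heap-use-after-free", "double-free"}


@dataclass
class CrashFeatures:
    kind: str
    is_write: bool
    access_size: int
    near_null: bool
    stack_depth: int
    primitive_on_stack: bool

    def to_vector(self) -> list:
        """One-hot error kind followed by the numeric and boolean features."""
        onehot = [int(self.kind == k) for k in ERROR_KINDS]
        return onehot + [int(self.is_write), self.access_size, int(self.near_null),
                         self.stack_depth, int(self.primitive_on_stack)]


def extract_features(report: str) -> CrashFeatures:
    """Parse one AddressSanitizer report into CrashFeatures."""
    head = ERROR_RE.search(report)
    if head is None:
        raise ValueError("not an AddressSanitizer report")
    kind, addr = head.group("kind"), int(head.group("addr"), 16)

    # Sized "READ/WRITE of size N" line for most error classes; SEGV reports only say
    # "caused by a READ/WRITE memory access" and carry no size.
    access = SIZED_ACCESS_RE.search(report) or SEGV_ACCESS_RE.search(report)
    is_write = access is not None and access.group("access") == "WRITE"
    size = int(access.group("size")) if access and "size" in access.groupdict() else 0

    # Only the first stack (the crashing one): collect frames until the first
    # non-frame line after at least one frame, so the allocation stack is ignored.
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append(m.group("func"))
        elif frames:
            break

    return CrashFeatures(
        kind=kind,
        is_write=is_write,
        access_size=size,
        near_null=addr < 0x1000,  # page-zero access: typically a NULL-derived pointer
        stack_depth=len(frames),
        primitive_on_stack=any(f in PRIMITIVE_FUNCS for f in frames),
    )


def heuristic_score(f: CrashFeatures) -> int:
    """Stand-in for a trained model: an illustrative rule-based severity score (0-5)."""
    score = 0
    score += 2 if f.kind in SEVERE_KINDS else 0
    score += 2 if f.is_write else 0
    score += 1 if f.primitive_on_stack else 0
    score -= 1 if f.near_null else 0  # a near-null read is usually just a crash
    return max(score, 0)


def triage(report: str) -> str:
    """Bucket a report; the labels mirror what a classifier would be trained to emit."""
    s = heuristic_score(extract_features(report))
    return "review-first" if s >= 4 else ("review" if s >= 2 else "low-priority")


if __name__ == "__main__":
    for r in (HEAP_OVERFLOW_REPORT, NULL_READ_REPORT):
        f = extract_features(r)
        print(f.kind, f.to_vector(), triage(r))
```

The point of `to_vector()` is that the same report shape feeds either path the abstract contrasts: the rule-based `heuristic_score` today, or a model trained on labelled vectors later, without re-parsing the reports. Only the crashing stack is used; the allocation stack that ASan prints for heap errors is deliberately skipped so that `stack_depth` and `primitive_on_stack` describe the fault itself.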
A demo will be shown live on stage (and if the gods permit, a tool released)!
Presenters:
- Guy Barnhart-Magen
BSidesTLV chairman and CTF lead, Public speaker, and recipient of the Cisco "black belt" security ninja honor - Cisco's highest cyber security advocate rank
With nearly 20 years of experience in the cyber-security industry, Guy has held various positions in both corporates and start-ups.
He is currently a Cyber Security Consultant, focusing on OS and Services Hardening, Cryptography, AI Security, and Reverse Engineering.
- Ezra Caltum
Ezra is an information security practitioner, with a passion for reverse engineering, data analysis, and exploitation. He is the leader of the Tel Aviv DC9723 Defcon group and a co-founder and organizer of BSidesTlv. Currently, he works as a Security Research Manager at a Fortune 500 company.
Ezra has presented at T2 Infosec Conference, BSidesLV, 44CON, Skytalks, BlackHat Arsenal, and AppsecIL.