Taint Nobody Got Time for Crash Analysis

Presented at Summercon 2013, June 7, 2013, 4 p.m. (50 minutes)

The last decade has seen a large focus on vulnerability discovery automation, with various methods of fuzzing and input generation; however, little has been said about crash analysis or triage. This talk will discuss a powerful toolchain for crash analysis that incorporates the best available approaches for automated reasoning about memory access violation exceptions and overcomes limitations in currently available tools such as !exploitable and crashwrangler.

In particular, we will discuss three key areas: dynamic taint analysis to track areas of memory that are influenced by user-controlled data, forward and backward taint slicing to isolate the input bytes that lead to the crashing state, and finally forward symbolic execution to determine if the input can be modified to reach an alternate state giving more control over the execution of the program. In other words, our system will isolate the input bytes causing the crash and try to determine whether your ReadAV can actually be turned into a WriteAV or code execution.
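The first two of those areas, taint tracking and backward taint slicing, can be illustrated on a toy scale. The following is an added example written for this page; it is not code from the talk or from its authors' toolchain. It defines a hypothetical register machine, runs a constructed instruction trace on a given input, propagates taint labels (input byte offsets) through registers and memory, and when a memory access leaves a hypothetical valid range it stops with a crash record: the access kind (ReadAV or WriteAV in the talk's terms), the faulting address, the input offsets that influence that address, and the backward slice of trace indices the address depends on. The memory bounds, instruction set and trace are all assumptions made for the example.

```python
"""Toy dynamic taint tracking plus backward taint slicing for crash triage.
Added example for this page, not code from the talk. The machine, its
memory bound and the trace below are constructed for illustration."""
from dataclasses import dataclass

MEM_SIZE = 64  # hypothetical: addresses outside [0, MEM_SIZE) fault


@dataclass
class Crash:
    index: int        # trace index of the faulting instruction
    kind: str         # "ReadAV" or "WriteAV"
    address: int
    addr_taint: set   # input byte offsets influencing the faulting address
    slice: list       # sorted trace indices the address depends on


def backward_slice(deps, start):
    """Transitive closure of def-use edges, walking back from `start`."""
    seen, work = set(), [start]
    while work:
        i = work.pop()
        if i in seen:
            continue
        seen.add(i)
        work.extend(deps[i])
    return sorted(seen)


def run(trace, data):
    """Execute `trace` on input bytes `data`; return a Crash or None."""
    regs, r_taint, r_def = {}, {}, {}   # value, taint set, defining index
    mem, m_taint, m_def = {}, {}, {}
    deps = []  # deps[i] = trace indices that instruction i reads from

    def reg_info(name):
        return regs.get(name, 0), r_taint.get(name, set()), r_def.get(name)

    for i, ins in enumerate(trace):
        op, args = ins[0], ins[1:]
        if op == "input":            # dst <- data[off], tainted with {off}
            dst, off = args
            regs[dst], r_taint[dst], r_def[dst] = data[off], {off}, i
            deps.append(set())
        elif op == "imm":            # dst <- constant, untainted
            dst, val = args
            regs[dst], r_taint[dst], r_def[dst] = val, set(), i
            deps.append(set())
        elif op in ("add", "mul"):   # dst <- a (+|*) b; taint is the union
            dst, a, b = args
            va, ta, da = reg_info(a)
            vb, tb, db = reg_info(b)
            regs[dst] = (va + vb if op == "add" else va * vb) & 0xFFFFFFFF
            r_taint[dst], r_def[dst] = ta | tb, i
            deps.append({d for d in (da, db) if d is not None})
        elif op in ("load", "store"):
            dst_or_src, areg = (args[0], args[1]) if op == "load" else (args[1], args[0])
            addr, ta, da = reg_info(areg)
            addr_deps = {da} if da is not None else set()
            if not 0 <= addr < MEM_SIZE:  # access violation: stop and triage
                deps.append(addr_deps)
                kind = "ReadAV" if op == "load" else "WriteAV"
                return Crash(i, kind, addr, ta, backward_slice(deps, i))
            if op == "load":
                # Toy policy: taint of the address register flows into the
                # loaded value as well; real engines make this configurable.
                regs[dst_or_src] = mem.get(addr, 0)
                r_taint[dst_or_src], r_def[dst_or_src] = m_taint.get(addr, set()) | ta, i
                md = m_def.get(addr)
                deps.append(addr_deps | ({md} if md is not None else set()))
            else:
                vs, ts, ds = reg_info(dst_or_src)
                mem[addr], m_taint[addr], m_def[addr] = vs, ts, i
                deps.append(addr_deps | ({ds} if ds is not None else set()))
        else:
            raise ValueError(f"unknown op {op!r}")
    return None


# Constructed trace: a 16-bit length from input[0..1] is added to a fixed
# base and used as a load address without a bounds check.
TRACE = [
    ("input", "r0", 0),
    ("input", "r1", 1),
    ("imm", "r2", 256),
    ("mul", "r1", "r1", "r2"),     # r1 = input[1] << 8
    ("add", "r3", "r0", "r1"),     # r3 = 16-bit length
    ("imm", "r4", 8),              # base address
    ("store", "r4", "r2"),         # untainted write; must not appear in the slice
    ("add", "r5", "r4", "r3"),     # r5 = base + length
    ("load", "r6", "r5"),          # faults when base + length >= MEM_SIZE
]


def triage(data):
    """One-line triage summary for a single input."""
    crash = run(TRACE, data)
    if crash is None:
        return "no crash"
    return (f"{crash.kind} at {crash.address:#x} (trace index {crash.index}); "
            f"address influenced by input offsets {sorted(crash.addr_taint)}; "
            f"slice {crash.slice}")


if __name__ == "__main__":
    print(triage(bytes([0x04, 0x00])))   # length 4: in bounds
    print(triage(bytes([0x10, 0x01])))   # length 0x110: ReadAV
```

The slice for the faulting input contains only the instructions that fed the address register, so the unrelated store at index 6 is excluded, and the taint set names exactly the two input offsets a triage tool would hand to the next stage (the symbolic execution step the abstract describes).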


Presenters:

  • Richard Johnson
    Richard Johnson is a computer security specialist who spends his time playing in the realm of software vulnerability analysis. Richard currently fills the role of Principal Research Engineer on Sourcefire's Vulnerability Research Team, offering over 10 years of expertise in the software security industry. Current responsibilities include research on exploitation technologies and automation of the vulnerability triage and discovery process. Past areas of research include memory management hardening, compiler mitigations, disassembler and debugger design, and software visualization. Richard has released public code for binary integrity monitoring, program debugging, and reverse engineering and has presented at dozens of conferences worldwide since 2004. Richard is also a co-founder of the Uninformed Journal and a long-time resident of the Hick.org ranch.
  • pa_kt
    pa_kt is a Senior Research Engineer on Sourcefire's Vulnerability Research Team. More than 10 years of experience in reverse engineering in various roles (such as malware analyst and vulnerability researcher) and an MSc in computer science help him fulfil his current responsibilities at Sourcefire, which include (but are not limited to) automating various stages of vulnerability discovery and triage.
