GUEB : Static Detection of Use-After-Free on Binary

Presented at ToorCon San Diego 17 (2015), Oct. 24, 2015, 3 p.m. (50 minutes)

I will present GUEB, a static tool looking for use-after-free and double free on binary code. I will first present how GUEB works in a theoretically point of view. Then I will explain some part of the implementation. I will make a live demo of the tool and show how everything works through reals exemplars of bugs found with it. The tool will become open source before the end of the conference, so everyone will be able to try it. I added a draft of slide of the presentation as support. I can added a short paper that shows some details about the demo that I want to perform during the presentation.

Presenters:

• Feist Josselin
  I am a French PhD Student. I am a member of securimag, a french hacking club / ctf-team (https://securimag.org) and the main orga of Grehack 2015 (http://grehack.fr).

Similar Presentations:

• AppSec USA 2014 / Use After Free Exploitation
• Black Hat USA 2013 / Bugalyze.com - Detecting Bugs Using Decompilation and Data Flow Analysis
• Global AppSec - DC 2019 / OWASP Find Security Bugs: The community static code analyzer