Binary Fuzzing With Snapshot-Assisted-Driven Comparison Branch Analysis

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses, Security Research Courses

Course Description

Overview

Explore advanced binary fuzzing techniques in this Hack In The Box Security Conference talk. Delve into a novel approach for analyzing input comparison statements in real-world software without symbolic computation. Learn about Ligthbranch, a tool that automatically extracts comparison values from closed-source binaries, enhancing fuzzer efficiency in vulnerability detection. Discover how to integrate this methodology with the AFL fuzzer, and gain insights into snapshot-assisted-driven comparison branch analysis. Understand key concepts such as the snapshot repository, leap node detection, page block reasoning, and comparison branch types. Witness a practical demonstration of these techniques in action.

Syllabus

Introduction
About Me
Summary
Motivations
Example
Input Generation
Input Generation Techniques
Approach
Action Mechanism
Snapshot Repository
Snapshot Creation Flow
Leap Node Detection
Page Block Reasoning
Selection Rules
Memory Selection
Control Flow Hijacking
Memory Access Errors
Comparison Branch Types
UData Analysis
Comparison Value Extraction
Offset
White Sequencing
Architecture
Demo


Taught by

Hack In The Box Security Conference

Related Courses

Browser Hacking With ANGLE
Hack In The Box Security Conference via YouTube
Can A Fuzzer Match A Human
Hack In The Box Security Conference via YouTube
Biometrics System Hacking in the Age of the Smart Vehicle
Hack In The Box Security Conference via YouTube
ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices
Hack In The Box Security Conference via YouTube
Fuzzing the MCU of Connected Vehicles for Security and Safety
Hack In The Box Security Conference via YouTube