Unleashing D* on Android Kernel Drivers
Offered By: nullcon via YouTube
Course Description
Overview
Syllabus
Intro
$ Android is everywhere!!
$ Bugs in Android (First Half of 2017)..
$ Okay! Why is it hard to find these bugs?
$ Static Analysis: Existing tools
$ Ideal Static analysis tool
$ Tracking user data: pointer analysis
$ Kernel drivers are small!!
$ DR.CHECKER: Story of the name
$ DR.CHECKER Overview
$ DR.CHECKER: SDTraversal
$ DR.CHECKER: Vulnerability Detectors
$ DR.CHECKER: Bug in Mediatek Accdet driver
$ DR.CHECKER: Bug in Samsung SensorHub driver
$ DR.CHECKER: Open Source and Dockerized
$ DR.CHECKER is not enough!!
$ Dynamic Analysis: Fuzzing!!
$ Fuzzing: Good Luck!!
$ Fuzzing: Highly constrained input
$ Drivers Expect Highly structured input
$ Bugs are hard to trigger
$ DIFUZE: Idea
$ DIFUZE: Overview
$ DIFUZE: Interface Recovery
$ DIFUZE: Structure Generation
$ DIFUZE: On Device Execution
$ DIFUZE: Evaluation
$ DIFUZE: Bug Types
$ DIFUZE: Open Source
$ In Progress: drchecker.io
$ Tracking user data: Taint Propagation
Taught by
nullcon
Related Courses
Unearthing Malicious and Risky OpenSource Packages Using Packj
nullcon via YouTube
Pushing Security Left by Mutating Byte Code
nullcon via YouTube
The Faces of MacOS Malware - Detecting Anomalies in a Poisoned Apple
nullcon via YouTube
Contextomy - Let's Debug Together
nullcon via YouTube
Mind The Gap - The Linux Ecosystem Kernel Patch Gap
nullcon via YouTube