Runtime Analysis of Vulnerabilities and Generation of Exploits

Explore cutting-edge research on vulnerability detection and exploit generation in this Black Hat conference talk. Delve into RAVAGE, a powerful tool that leverages standard program execution to detect full dataflow vulnerabilities at runtime. Learn how RAVAGE can be used both offensively and defensively, from identifying vulnerabilities and generating exploits to integrating new exploits into existing frameworks. Discover the tool's ability to uncover security vulnerabilities by running non-security-related test cases. Gain insights into RAVAGE's design, including data file handling, event tracking, and object splitting. Watch demonstrations featuring Web Goat and understand the tool's implementation and mobility. By the end of this talk, grasp the potential of RAVAGE in revolutionizing vulnerability analysis and exploit generation, with the added benefit of its open-source availability and design documentation.

Introduction
Agenda
Static Analysis
Blackbox Analysis
Advantages
Problems
Graphs
Statistics
What is RAVAGE
RAVAGE Design
Data File
Tracking Events
Splitting Objects
Recall Rapper
Rapper
Demo
Web Goat Demo
Implementation
Mobility
Summary