Practical Uses of Program Analysis - Automatic Exploit Generation

Explore practical applications of program analysis in this conference talk from NorthSec. Delve into instrumentation, symbolic execution, and concolic execution techniques, both in theory and practice. Learn how to automatically generate exploits against complex, stand-alone applications by traversing program control flow, collecting path constraints, and solving for desired executions. Discover methods for targeting generalized behavior in programs and identifying known vulnerability characteristics. Watch a live demonstration solving an obfuscated 'crackme' challenge using the discussed techniques. Gain insights into CTF challenges, dynamic analysis, automating exploitation, and creating feedback loops. Examine real-world examples, including pwnable.kr and Flare-on Challenge 9. Understand the potential future applications of program analysis in finding more bugs and enhancing cybersecurity practices.

Introduction
CTF & Wargames
The Past
Example: Dynamic Analysis
Some Background
Automating Exploitation
AEG - pwnable.kr
Example: DBI
Example: Symbolic Execution
Example: Concolic Execution
Creating a Feedback Loop
Dynamic Binary Instrumentation
Example: Flare-on Challenge 9
AEG Demo: Assumptions
LLVM Pass
Angr Script
Conclusion: The Future
Finding (More) Bugs
Acknowledgements
References
Any Questions?