YoVDO

Practical Uses of Program Analysis - Automatic Exploit Generation

Offered By: NorthSec via YouTube

Tags

NorthSec Courses Cybersecurity Courses Symbolic Execution Courses LLVM Courses Dynamic Binary Instrumentation Courses

Course Description

Overview

Explore practical applications of program analysis in this conference talk from NorthSec. Delve into instrumentation, symbolic execution, and concolic execution techniques, both in theory and practice. Learn how to automatically generate exploits against complex, stand-alone applications by traversing program control flow, collecting path constraints, and solving for desired executions. Discover methods for targeting generalized behavior in programs and identifying known vulnerability characteristics. Watch a live demonstration solving an obfuscated 'crackme' challenge using the discussed techniques. Gain insights into CTF challenges, dynamic analysis, automating exploitation, and creating feedback loops. Examine real-world examples, including pwnable.kr and Flare-on Challenge 9. Understand the potential future applications of program analysis in finding more bugs and enhancing cybersecurity practices.

Syllabus

Introduction
CTF & Wargames
The Past
Example: Dynamic Analysis
Some Background
Automating Exploitation
AEG - pwnable.kr
Example: DBI
Example: Symbolic Execution
Example: Concolic Execution
Creating a Feedback Loop
Dynamic Binary Instrumentation
Example: Flare-on Challenge 9
AEG Demo: Assumptions
LLVM Pass
Angr Script
Conclusion: The Future
Finding (More) Bugs
Acknowledgements
References
Any Questions?


Taught by

NorthSec

Related Courses

RISC-V Toolchain and Compiler Optimization Techniques
Linux Foundation via edX
The State of Julia in 2021 - JuliaCon Keynote
The Julia Programming Language via YouTube
Get Started Using WebAssembly (wasm)
egghead.io
DataFusion and Apache Arrow: Supercharging Data Analytics with a Rust-Based Query Engine
Databricks via YouTube
Compilers - Jared Shumway
White Hat Cal Poly via YouTube