Overview
Explore the world of contemporary automatic program analysis in this 42-minute Black Hat conference talk by Julian Cohen. Delve into the history of program analysis, tracing its evolution from manual techniques to automated methods for discovering vulnerabilities and reasoning about code. Learn how to leverage existing program analysis tools and techniques to automatically find vulnerabilities in various systems. Discover the cutting-edge advancements in the field, including how minor modifications to existing projects and small scripts can lead to world-class vulnerability discoveries. Gain practical insights through code examples and demonstrations, covering topics such as metacharacter injection, command injection, type confusion, buffer overflow, and symbolic execution. Access accompanying online reference material to further enhance your understanding of automatic program analysis and its applications in cybersecurity.
Syllabus
Introduction
Julian Cohen
Program Analysis
Vulnerability Research
Vulnerability Discovery
Presentation Goal
Metacharacter Injection
Command Injection
Type Confusion
Implicit Type Conversion Vulnerability
Implicit Type Conversion
Buffer Overflow
RATS
Valgrind
Valgrind
QuickSEC
Use After Free Vulnerability
Aurora Center
Aurora UAF
Symbolic Execution
Constraint Solving
Klee
KLEE
KLEE Demo
Symbolic Execution Engines
Static Analysis Platforms
Conclusion
Thanks
Questions
Taught by
Black Hat