Explore a comprehensive research presentation on determining the practical exploitability of software issues through crash analysis. Delve into a semi-automated crash analysis framework designed to augment researchers' efforts in triaging exploitability and impact of program crashes. Learn about the combination of backward and forward taint propagation systems, and how they integrate into a single framework that maps input areas influencing crashes and analyzes potential code execution capabilities. Discover the implementation of two functional tools, including DPTrace, and witness demonstrations using public vulnerabilities. Gain insights into the challenges faced by exploit writers and product security teams in the era of advanced fuzzing frameworks and modern protection mechanisms.
DPTrace - Dual Purpose Trace for Exploitability Analysis of Program Crashes
Overview
Syllabus
Intro
Agenda
Objectives
Current State of Affairs
Taint Analysis for Program Crashes
History and Lore
State Transition for Memory Corruption
Backward Taint Analysis
Forward Taint Analysis
Fake Memory Structure Sample
Implementation Details
Sample Analysis on dead bugs
Sample Analysis 1
Sample Analysis 2
Sample Analysis 3
Challenges & Limitations
Taught by
Black Hat
