Explore advanced binary fuzzing techniques in this Hack In The Box Security Conference talk. Delve into a novel approach for analyzing input comparison statements in real-world software without symbolic computation. Learn about Ligthbranch, a tool that automatically extracts comparison values from closed-source binaries, enhancing fuzzer efficiency in vulnerability detection. Discover how to integrate this methodology with AFL fuzzer, and gain insights into snapshot-assisted-driven comparison branch analysis. Understand key concepts such as snapshot repository, leap node detection, page block reasoning, and comparison branch types. Witness a practical demonstration of these techniques in action.
Binary Fuzzing With Snapshot-Assisted-Driven Comparison Branch Analysis
Hack In The Box Security Conference via YouTube
Overview
Syllabus
Introduction
About Me
Summary
Motivations
Example
Input Generation
Input Generation Techniques
Approach
Action Mechanism
Snapshot Repository
Snapshot Creation Flow
Leap Node Detection
Page Block Reasoning
Selection Rules
Memory Selection
Control Flow Hijacking
Memory Access Errors
Comparison Branch Types
UData Analysis
Comparison Value Extraction
Offset
White Sequencing
Architecture
Demo
Taught by
Hack In The Box Security Conference
