Explore effective static code analysis techniques for discovering vulnerability variants and exploitation primitives in a 39-minute Black Hat conference talk. Delve into the challenges of code pattern extraction and searching, particularly for closed-source software like Windows. Learn about workspace concepts, query modes, and the Leviathan utility for pattern search primitives. Examine real-world examples of file hijacking, reparse point, and ACL overwritten patterns, as well as RDP pool spray primitive extraction. Gain insights into constructing code queries, modeling vulnerabilities, and connecting RDP PDU to data copy operations using memcpy. Enhance your understanding of static analysis practices for improved software security.
Select Bugs From Binary Where Pattern Like CVE Days
Overview
Syllabus
Intro
Background for Static Code Analysis
Challenges for Static Code Analysis
What is Workspace, Exactly?
Workflow - Run Query
Query Mode Limitation
Example SQL Query Running Script Mode
Leviathan Utility & Pattern Search Primitives
File Hijacking Pattern: Seed Vulnerabilities
File Hijacking Pattern: Vulnerability Modeling
File Hijacking Pattern Extraction
Reparse Point Pattern: Seed Vulnerability
Reparse Point Pattern: Vulnerability Modeling
Reparse Point Pattern: Code Query Construction
ACL Overwritten Pattern: Seed Vulnerability
RDP Pool Spray Primitive Pattern Extraction
Pool Spray Pattern: Find Data Copy With Memcpy
Connect RDP PDU To Data Copy With Memcpy
Summary
Taught by
Black Hat
