Program Vulnerability Analysis Using DBI
|
|
- Maximillian Malone
- 5 years ago
- Views:
Transcription
1 Program Vulnerability Analysis Using DBI CodeEngn Co-Administrator CodeEngn ReverseEngineering Conference
2 Outline What is DBI? Before that How? A simple example Demo! 2
3 What is DBI? Instrumentation Keyword : To gather information, insert code Dynamic Binary Instrumentation Keyword : Running program, special purpose, insert code Arbitrary Code Running 3
4 Static Analysis Summary - Without running - Considering all execution paths in a program - Tools : Sonar, cppcheck, Prevent, KlockWork 4
5 Static Analysis Check Out Coding Compile Error Modify Defect Check In 5
6 Dynamic Analysis Summary - Running - Considering single execution path - Input dependency 6
7 Winner Dynamic Analysis More precise Because > works with real values in the run-time if ( you think Ollydbg & IDA Disassembler ) Easy to understand 7
8 Source Analysis Source Analysis - Language dependency - Access high-level information - Tools : Source insight 8
9 Binary Analysis Binary Analysis - Platform dependency - Access low-level information ex) register - Complexity, Lack of Higher-level semantics, Code Obfuscation 9
10 DRAW Binary Analysis Original source code is not needed Source Analysis Just you look at source 10
11 SBI Static Binary Instrumentation - Before the program is run - Rewrites object code or executable code - Disassemble -> instrumentation 11
12 DBI Dynamic Binary Instrumentation - Run-time - By external process, grafted onto the client process 12
13 Winner DBI 1. Client program doesn t require to be prepared 2. Naturally covers all client code 13
14 Usefulness of DBI Do not need Recompiling and Relinking Find the specific code during execution Handle dynamically generated code Analyzing running process 14
15 Use Trace procedure generating Fault tolerance studies Emulating new instructions Code coverage -> t / all * 100 Memory-leak detection Thread profiling And so on... 15
16 Before that Taint Analysis Kind of information flow To see the flow from the external input effect 16
17 Taint propagation Tainted Tainted Untainted 17
18 Taint propagation Untrusted source 1 Untrusted source 2 18
19 Use Detecting flaws if ( tracking user data == available ) I see where untrusted code swimming Data Lifetime Analysis 19
20 How? Dynamic Binary Instrumentation Tools Pin : Win & Linux & MAC, Intermediate Language DynamoRIO : Win & Linux & MAC TEMU : Win & Linux, QEMU based Valgrind : Linux 20
21 How? Use PIN Tool Windows, Linux, MAC OSX Custom Code ( C or C++ ) Attach the running file Extensive API Pinheads 21
22 Pin? One of JIT ( Just In Time ) compiler Not input bytecode, but a regular executable Intercept instruction and generates more code and execute 22
23 Pin? Pin : Instrumentation Engine Pintool : Instrumentation Tool Application : Target Program or Process 23
24 Pin? 24
25 Pin? 25
26 Pin? 26
27 Pin? 27
28 Pin? 28
29 Install if ( Install window ) you need to visual c++ else if ( install linux ) you need to gcc-c++ else if ( install mac 64bit ) not available 29
30 A Simple Example Inscount & Itrace & Pinatrace Step by modify code Inscount M Itrace M Pinatrace 30
31 Inscount - count the total number of instructions executed 31
32 Modify Inscount 32
33 Itrace Itrace Instruction Address Trace How to pass arguments Useful understanding the control flow of a program for debugging 33
34 Itrace 34
35 Modify Itrace 35
36 insertpredicatedcall? To avoid generating references to instructions that are predicated when the predicate is false Predication is a general architectural feature of the IA-64 36
37 Pinatrace Pinatrace Memory Reference Trace Useful debugging and for simulating a data cache in processor 37
38 Pinatrace 770B89DA : Instrumentation Points R/W : Access Type 0023F434 : &Address 4 : R/W Size 0x01 : *Address 38
39 Vera Use vera! Shmoocon 2011 Danny Quist Visualizing Executables for Reversing & Analysis Better OEP detection & IDA Pro Plugin 39
40 Demo! if ( Use DBI with Vera ) you will see the memory flow ( easily ) And you will see the pattern of vulnerable program and patched program 40
41 Demo! 41
42 Zero-day! 1. Hook Vulnerability Function 2. And 3. Olleh! strcpy, strcat, sprintf, scanf, fscanf, strstr, strchr monitoring ESI It s possible to modify the parameters 42
43 Zero-day! 43
44 Zero-day! 44
45 reference
46 Q & A CodeEngn ReverseEngineering Conference 46
47 Quiz OR, XOR A Taint ( 1 ) B Taint?? hint ) AND B 1 Taint. 47
Dynamic Binary Instrumentation: Introduction to Pin
Dynamic Binary Instrumentation: Introduction to Pin Instrumentation A technique that injects instrumentation code into a binary to collect run-time information 2 Instrumentation A technique that injects
More informationDBI for Computer Security: Uses and Comparative
DBI for Computer Security: Uses and Comparative Juan Antonio Artal, Ricardo J. Rodríguez, José Merseguer All wrongs reversed jaartal@gmail.com, rjrodriguez@fi.upm.es, jmerse@unizar.es @RicardoJRdez ô www.ricardojrodriguez.es
More informationFuzzgrind: an automatic fuzzing tool
Fuzzgrind: an automatic fuzzing tool 1/55 Fuzzgrind: an automatic fuzzing tool Gabriel Campana Sogeti / ESEC gabriel.campana(at)sogeti.com Fuzzgrind: an automatic fuzzing tool 2/55 Plan 1 2 3 4 Fuzzgrind:
More informationSimpleSim: A Single-Core System Simulator
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Assignment 2 (developed by Kamran) SimpleSim: A Single-Core System Simulator Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical
More informationReverse Engineering Malware Dynamic Analysis of Binary Malware II
Reverse Engineering Malware Dynamic Analysis of Binary Malware II Jarkko Turkulainen F-Secure Corporation Protecting the irreplaceable f-secure.com Advanced dynamic analysis Debugger scripting Hooking
More informationProtection and Mitigation of Software Bug Exploitation
Protection and Mitigation of Software Bug Exploitation Vartan Padaryan vartan@ispras.ru 1 How safe is latest Linux release? Command line arguments fuzzer (inspired by Brumley s article) Launch programs
More informationBuilding Advanced Coverage-guided Fuzzer for Program Binaries
Building Advanced Coverage-guided Fuzzer for Program Binaries NGUYEN Anh Quynh WEI Lei 17/11/2017 Zero Nights, Moscow 2017 Self-introduction NGUYEN Anh Quynh, PhD
More informationWin API hooking by using DBI: log me, baby!
2009 ZARAGOZA Win API hooking by using DBI: log me, baby! Ricardo J. Rodríguez rjrodriguez@unizar.es All wrongs reversed CENTRO UNIVERSITARIO DE LA DEFENSA DOCENDI DISCENDI ANIMVS NOSVNIT NcN 2017 NoConName
More informationT Jarkko Turkulainen, F-Secure Corporation
T-110.6220 2010 Emulators and disassemblers Jarkko Turkulainen, F-Secure Corporation Agenda Disassemblers What is disassembly? What makes up an instruction? How disassemblers work Use of disassembly In
More informationMobileFindr: Function Similarity Identification for Reversing Mobile Binaries. Yibin Liao, Ruoyan Cai, Guodong Zhu, Yue Yin, Kang Li
MobileFindr: Function Similarity Identification for Reversing Mobile Binaries Yibin Liao, Ruoyan Cai, Guodong Zhu, Yue Yin, Kang Li Reverse Engineering The process of taking a software program s binary
More informationDBT Tool. DBT Framework
Thread-Safe Dynamic Binary Translation using Transactional Memory JaeWoong Chung,, Michael Dalton, Hari Kannan, Christos Kozyrakis Computer Systems Laboratory Stanford University http://csl.stanford.edu
More informationMalware
reloaded Malware Research Team @ @xabiugarte Motivation Design principles / architecture Features Use cases Future work Dynamic Binary Instrumentation Techniques to trace the execution of a binary (or
More informationDEBUGGING: DYNAMIC PROGRAM ANALYSIS
DEBUGGING: DYNAMIC PROGRAM ANALYSIS WS 2017/2018 Martina Seidl Institute for Formal Models and Verification System Invariants properties of a program must hold over the entire run: integrity of data no
More informationReverse Engineering Malware Binary Obfuscation and Protection
Reverse Engineering Malware Binary Obfuscation and Protection Jarkko Turkulainen F-Secure Corporation Protecting the irreplaceable f-secure.com Binary Obfuscation and Protection What is covered in this
More informationProgram Analysis Tools. Edgar Barbosa SyScan360 Beijing
Program Analysis Tools Edgar Barbosa SyScan360 Beijing - 2015 Who am I? Edgar Barbosa Senior Security Researcher - COSEINC Experience with Windows kernel rev eng and rootkits My current focus is on applications
More informationSurvey of Dynamic Instrumentation of Operating Systems
Survey of Dynamic Instrumentation of Operating Systems Harald Röck Department of Computer Sciences University of Salzburg, Austria hroeck@cs.uni-salzburg.at July 13, 2007 1 Introduction Operating systems
More informationMaking Dynamic Instrumentation Great Again
Making Dynamic Instrumentation Great Again Malware Research Team @ @xabiugarte [advertising space ] Deep Packer Inspector https://packerinspector.github.io https://packerinspector.com Many instrumentation
More informationUnicorn: Next Generation CPU Emulator Framework
Unicorn: Next Generation CPU Emulator Framework www.unicorn-engine.org NGUYEN Anh Quynh Syscan360 Beijing - October 21st, 2015 1 / 38 NGUYEN Anh Quynh Unicorn: Next Generation CPU
More informationStatic Vulnerability Analysis
Static Vulnerability Analysis Static Vulnerability Detection helps in finding vulnerabilities in code that can be extracted by malicious input. There are different static analysis tools for different kinds
More informationBinary Code Analysis: Concepts and Perspectives
Binary Code Analysis: Concepts and Perspectives Emmanuel Fleury LaBRI, Université de Bordeaux, France May 12, 2016 E. Fleury (LaBRI, France) Binary Code Analysis: Concepts
More informationInject malicious code Call any library functions Modify the original code
Inject malicious code Call any library functions Modify the original code 2 Sadeghi, Davi TU Darmstadt 2012 Secure, Trusted, and Trustworthy Computing Chapter 6: Runtime Attacks 2 3 Sadeghi, Davi TU Darmstadt
More informationTaint Nobody Got Time for Crash Analysis
Taint Nobody Got Time for Crash Analysis Crash Analysis Triage Goals Execution Path What code paths were executed What parts of the execution interacted with external data Input Determination Which input
More informationA Platform for Secure Static Binary Instrumentation
A Platform for Secure Static Binary Instrumentation Mingwei Zhang, Rui Qiao, Niranjan Hasabnis and R. Sekar Stony Brook University VEE 2014 Work supported in part by grants from AFOSR, NSF and ONR Motivation
More informationComprehensive Kernel Instrumentation via Dynamic Binary Translation
Comprehensive Kernel Instrumentation via Dynamic Binary Translation Peter Feiner Angela Demke Brown Ashvin Goel University of Toronto 011 Complexity of Operating Systems 012 Complexity of Operating Systems
More informationManaged. Code Rootkits. Hooking. into Runtime. Environments. Erez Metula ELSEVIER. Syngress is an imprint of Elsevier SYNGRESS
Managed Code Rootkits Hooking into Runtime Environments Erez Metula ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is an imprint
More informationProfilers and Debuggers. Introductory Material. One-Slide Summary
Profilers and Debuggers #1 Introductory Material First, who doesn t know assembly language? You ll get to answer all the assembly questions. Yes, really. Lecture Style: Sit on the table and pose questions.
More informationOptiCode: Machine Code Deobfuscation for Malware Analysis
OptiCode: Machine Code Deobfuscation for Malware Analysis NGUYEN Anh Quynh, COSEINC CONFidence, Krakow - Poland 2013, May 28th 1 / 47 Agenda 1 Obfuscation problem in malware analysis
More informationLecture 10. Dynamic Analysis
Lecture 10. Dynamic Analysis Wei Le Thank Xiangyu Zhang, Michael Ernst, Tom Ball for Some of the Slides Iowa State University 2014.11 Outline What is dynamic analysis? Instrumentation Analysis Representing
More informationPierre-Marc Bureau Joan Calvet - UNDERSTANDING SWIZZOR S OBFUSCATION
Pierre-Marc Bureau bureau@eset.sk Joan Calvet - j04n.calvet@gmail.com UNDERSTANDING SWIZZOR S OBFUSCATION 1 Swizzor Present since 2002! AV companies receive hundreds of new binaries daily. Nice icons :
More informationBinary Static Analysis. Chris Wysopal, CTO and Co-founder March 7, 2012 Introduction to Computer Security - COMP 116
Binary Static Analysis Chris Wysopal, CTO and Co-founder March 7, 2012 Introduction to Computer Security - COMP 116 Bio Chris Wysopal, Veracode s CTO and Co- Founder, is responsible for the company s software
More informationPLT Course Project Demo Spring Chih- Fan Chen Theofilos Petsios Marios Pomonis Adrian Tang
PLT Course Project Demo Spring 2013 Chih- Fan Chen Theofilos Petsios Marios Pomonis Adrian Tang 1. Introduction To Code Obfuscation 2. LLVM 3. Obfuscation Techniques 1. String Transformation 2. Junk Code
More informationGiridhar Ravipati University of Wisconsin, Madison. The Deconstruction of Dyninst: Part 1- the SymtabAPI
The Deconstruction of Dyninst Part 1: The SymtabAPI Giridhar Ravipati University of Wisconsin, Madison April 2007 Motivation Binary tools are increasingly common Two categories of operation Analysis :
More informationT Hands-on 2. User-mode debuggers OllyDbg
T-110.6220 Hands-on 2 User-mode debuggers OllyDbg Disassemblers vs debuggers Static analysis / Disassemblers Theoretic approach Give us a static view of the binary Example: IDA Dynamic analysis / Debuggers
More informationA hybrid approach to application instrumentation
A hybrid approach to application instrumentation Ashay Rane, Leo Fialho and James Browne 4 th August, 2014 Petascale Tools Workshop 1 Program Instrumentation What is instrumentation? Addition of statements
More informationHow to Sandbox IIS Automatically without 0 False Positive and Negative
How to Sandbox IIS Automatically without 0 False Positive and Negative Professor Tzi-cker Chiueh Computer Science Department Stony Brook University chiueh@cs.sunysb.edu 1/10/06 Blackhat Federal 2006 1
More informationCodeXt: Automatic Extraction of Obfuscated Attack Code from Memory Dump
CodeXt: Automatic Extraction of Obfuscated Attack Code from Memory Dump Ryan Farley and Xinyuan Wang George Mason University Information Security, the 17 th International Conference ISC 2014, Hong Kong
More informationDigging Deep: Finding 0days in Embedded Systems with Code Coverage Guided Fuzzing
Digging Deep: Finding 0days in Embedded Systems with Code Coverage Guided Fuzzing NGUYEN Anh Quynh Kai Jern LAU HackInTheBox - Beijing, November 2nd, 2018
More informationSecuring Software Applications Using Dynamic Dataflow Analysis. OWASP June 16, The OWASP Foundation
Securing Software Applications Using Dynamic Dataflow Analysis Steve Cook OWASP June 16, 2010 0 Southwest Research Institute scook@swri.org (210) 522-6322 Copyright The OWASP Foundation Permission is granted
More informationFoundations of Software Engineering
Foundations of Software Engineering Dynamic Analysis Christian Kästner 1 15-313 Software Engineering Adminstrativa Midterm Participation Midsemester grades 2 15-313 Software Engineering How are we doing?
More informationLecture 4 Processes. Dynamic Analysis. GDB
Lecture 4 Processes. Dynamic Analysis. GDB Computer and Network Security 23th of October 2017 Computer Science and Engineering Department CSE Dep, ACS, UPB Lecture 4, Processes. Dynamic Analysis. GDB 1/45
More informationCUDA Development Using NVIDIA Nsight, Eclipse Edition. David Goodwin
CUDA Development Using NVIDIA Nsight, Eclipse Edition David Goodwin NVIDIA Nsight Eclipse Edition CUDA Integrated Development Environment Project Management Edit Build Debug Profile SC'12 2 Powered By
More informationHITB Amsterdam
Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware Guillaume Delugré Sogeti / ESEC R&D guillaume(at)security-labs.org HITB 2011 - Amsterdam Purpose of this presentation G. Delugré
More information1.1 For Fun and Profit. 1.2 Common Techniques. My Preferred Techniques
1 Bug Hunting Bug hunting is the process of finding bugs in software or hardware. In this book, however, the term bug hunting will be used specifically to describe the process of finding security-critical
More informationLIEF: Library to Instrument Executable Formats
RMLL 2017 Romain Thomas - rthomas@quarkslab.com LIEF: Library to Instrument Executable Formats Table of Contents Introduction Project Overview Demo Conclusion About Romain Thomas (rthomas@quarkslab.com)
More informationIntroduction to C An overview of the programming language C, syntax, data types and input/output
Introduction to C An overview of the programming language C, syntax, data types and input/output Teil I. a first C program TU Bergakademie Freiberg INMO M. Brändel 2018-10-23 1 PROGRAMMING LANGUAGE C is
More informationFull file at
Import Settings: Base Settings: Brownstone Default Highest Answer Letter: D Multiple Keywords in Same Paragraph: No Chapter: Chapter 2 Multiple Choice 1. A is an example of a systems program. A) command
More informationUnboxing the whitebox. Jasper van CTO Riscure North America ICMC 16
Unboxing the whitebox Jasper van Woudenberg @jzvw CTO Riscure North America ICMC 16 Riscure Certification Pay TV, EMVco, smart meter, CC Evaluation & consultancy Mobile (TEE/HCE/WBC) Secure architecture
More informationSystems software design. Software build configurations; Debugging, profiling & Quality Assurance tools
Systems software design Software build configurations; Debugging, profiling & Quality Assurance tools Who are we? Krzysztof Kąkol Software Developer Jarosław Świniarski Software Developer Presentation
More informationProgram Analysis. Program Analysis
Program Analysis Class #4 Program Analysis Dynamic Analysis 1 Static VS Dynamic Analysis Static analysis operates on a model of the SW (without executing it) If successful, produces definitive information
More informationOutline STRANGER. Background
Outline Malicious Code Analysis II : An Automata-based String Analysis Tool for PHP 1 Mitchell Adair 2 November 28 th, 2011 Outline 1 2 Credit: [: An Automata-based String Analysis Tool for PHP] Background
More informationCode deobfuscation by optimization. Branko Spasojević
Code deobfuscation by optimization Branko Spasojević branko.spasojevic@infigo.hr Overview Why? Project goal? How? Disassembly Instruction semantics Optimizations Assembling Demo! Questions? Why? To name
More informationEfficient Software Based Fault Isolation. Software Extensibility
Efficient Software Based Fault Isolation Robert Wahbe, Steven Lucco Thomas E. Anderson, Susan L. Graham Software Extensibility Operating Systems Kernel modules Device drivers Unix vnodes Application Software
More informationA Design for Comprehensive Kernel Instrumentation
Design for Comprehensive Kernel Instrumentation Peter Feiner ngela Demke Brown shvin Goel peter@cs.toronto.edu demke@cs.toronto.edu ashvin@eecg.toronto.edu University of Toronto 011 / 16 Motivation Transparent
More informationShuntaint: Emulation-based Security Testing for Formal Verification
Shuntaint: Emulation-based Security Testing for Formal Verification Bruno Luiz ramosblc@gmail.com Abstract. This paper describes an emulated approach to collect traces of program states, in order to verify
More informationMalicious Code Analysis II
Malicious Code Analysis II STRANGER: An Automata-based String Analysis Tool for PHP Mitchell Adair November 28 th, 2011 Outline 1 STRANGER 2 Outline 1 STRANGER 2 STRANGER Credit: [STRANGER: An Automata-based
More informationLecture 10. Pointless Tainting? Evaluating the Practicality of Pointer Tainting. Asia Slowinska, Herbert Bos. Advanced Operating Systems
Lecture 10 Pointless Tainting? Evaluating the Practicality of Pointer Tainting Asia Slowinska, Herbert Bos Advanced Operating Systems December 15, 2010 SOA/OS Lecture 10, Pointer Tainting 1/40 Introduction
More informationCNIT 127: Exploit Development. Ch 3: Shellcode. Updated
CNIT 127: Exploit Development Ch 3: Shellcode Updated 1-30-17 Topics Protection rings Syscalls Shellcode nasm Assembler ld GNU Linker objdump to see contents of object files strace System Call Tracer Removing
More informationEIFFEL TEST STUDIO Locating faults in external code Master Thesis Project Plan
EIFFEL TEST STUDIO Locating faults in external code Master Thesis Project Plan Reto Ghioldi Department of Computer Science ETH Zürich September 6, 2005 Project period 8.September 2005-9.March 2006 Student
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ slide 1 Reference Monitor Observes execution of the program/process At what level? Possibilities:
More informationCOURSE OUTLINE & WEEK WISE BREAKAGE
COURSE OUTLINE & WEEK WISE BREAKAGE Week wise Course outline of Computer Fundamentals & Programming (CE-100) 3+1 (Batch 2018-Electronic Engineering) Dated: 13-12-2017 Course Coordinator: Saeed Azhar WEEK
More informationProtecting binaries. Andrew Griffiths
Protecting binaries Andrew Griffiths andrewg@felinemenace.org Introduction This presentation is meant to be useful for people of all skill levels. Hopefully everyone will get something out of this presentation.
More informationWhoamI. Attacking WBC Implementations No con Name 2017
Attacking WBC Implementations No con Name 2017 1 WHO I AM EDUCATION: Computer Science MSc in IT security COMPANY & ROLES: HCE Security Evaluator R&D Engineer WBC project Responsible of Android security
More informationDebugging and Profiling
Debugging and Profiling Dr. Axel Kohlmeyer Senior Scientific Computing Expert Information and Telecommunication Section The Abdus Salam International Centre for Theoretical Physics http://sites.google.com/site/akohlmey/
More informationLow level security. Andrew Ruef
Low level security Andrew Ruef What s going on Stuff is getting hacked all the time We re writing tons of software Often with little regard to reliability let alone security The regulatory environment
More informationModule: Future of Secure Programming
Module: Future of Secure Programming Professor Trent Jaeger Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) 1 Programmer s Little Survey Problem What does program for
More informationDomain Specific Debugging Tools
Domain Specific Debugging Tools Volker Krause volker.krause@kdab.com KDAB Problem What's the Problem? So, where's the bug in your QML? Invalid read of size 1 at 0x4C2D9B0: bcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
More informationMetasm. a ruby (dis)assembler. Yoann Guillot. 20 october 2007
Metasm a ruby (dis)assembler Yoann Guillot 20 october 2007 Metasm Presentation I am Yoann Guillot I work for Sogeti/ESEC in the security R&D lab Metasm HACK.LU 2007 2 / 23 Plan Metasm 1 Metasm 2 Metasm
More informationMobile Opportunities for the Open Source Community
Mobile Opportunities for the Open Source Community Ravi Belwal (ravi.belwal@nokia.com) Sr. Technology Consultant Forum Nokia 1 2007 Nokia Corporation 2 2007 Nokia S60 is the leading converged device platform
More informationThread-Safe Dynamic Binary Translation using Transactional Memory
Thread-Safe Dynamic Binary Translation using Transactional Memory JaeWoong Chung, Michael Dalton, Hari Kannan, Christos Kozyrakis Computer Systems Laboratory Stanford University {jwchung, mwdalton, hkannan,
More informationOverview REWARDS TIE HOWARD Summary CS 6V Data Structure Reverse Engineering. Zhiqiang Lin
CS 6V81-05 Data Structure Reverse Engineering Zhiqiang Lin Department of Computer Science The University of Texas at Dallas September 2 nd, 2011 Outline 1 Overview 2 REWARDS 3 TIE 4 HOWARD 5 Summary Outline
More informationBinary Code Extraction and Interface Identification for Security Applications
Binary Code Extraction and Interface Identification for Security Applications Juan Caballero Noah M. Johnson Stephen McCamant Dawn Song Electrical Engineering and Computer Sciences University of California
More informationAndroid Debugging ART
Android Debugging ART Khaled JMAL 2016 / 11 / 17 2 / 24 The Dalvik Virtual Machine Up to version 4.4 KitKat, Android was based on the Dalvik Virtual Machine Java compiles into DEX code DEX code is compiled
More informationA Smart Fuzzer for x86 Executables
Università degli Studi di Milano Facoltà di Scienze Matematiche, Fisiche e Naturali A Smart Fuzzer for x86 Executables Andrea Lanzi, Lorenzo Martignoni, Mattia Monga, Roberto Paleari May 19, 2007 Lanzi,
More informationFixing/Making Holes in Binaries
Fixing/Making Holes in Binaries The Easy, The Hard, The Time Consuming Shaun Clowes Ð shaun@securereality.com.au What are we doing? Changing the behaviour of programs Directly modifying the program in
More informationMobile and Wireless Systems Programming
to Android Android is a software stack for mobile devices that includes : an operating system middleware key applications Open source project based on Linux kernel 2.6 Open Handset Alliance (Google, HTC,
More informationKent Academic Repository
Kent Academic Repository Full text document (pdf) Citation for published version Mercier, Daniel (2017) :. Master of Science (MSc) thesis, University of Kent. DOI Link to record in KAR http://kar.kent.ac.uk/58461/
More informationDetecting and exploiting integer overflows
Detecting and exploiting integer overflows Guillaume TOURON Laboratoire Verimag, Ensimag - Grenoble INP Marie-Laure Potet, Laurent Mounier 20/05/11 1 / 18 Context Binary representation Integers misinterpretation
More informationAbusing Android In-app Billing feature thanks to a misunderstood integration. Insomni hack 18 22/03/2018 Jérémy MATOS
Abusing Android In-app Billing feature thanks to a misunderstood integration Insomni hack 18 22/03/2018 Jérémy MATOS whois securingapps Developer background Worked last 12 years in Switzerland on security
More informationCuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes
CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, Engin Kirda 02/23/2016 Android 2015
More informationIt is academic misconduct to share your work with others in any form including posting it on publicly accessible web sites, such as GitHub.
p4: Cache Simulator 1. Logistics 1. This project must be done individually. It is academic misconduct to share your work with others in any form including posting it on publicly accessible web sites, such
More informationFast dynamic program analysis Race detection. Konstantin Serebryany May
Fast dynamic program analysis Race detection Konstantin Serebryany May 20 2011 Agenda Dynamic program analysis Race detection: theory ThreadSanitizer: race detector Making ThreadSanitizer
More informationA Security Microcosm Attacking and Defending Shiva
A Security Microcosm Attacking and Defending Shiva Shiva written by Neel Mehta and Shaun Clowes Presented by Shaun Clowes shaun@securereality.com.au What is Shiva? Shiva is an executable encryptor Encrypted
More informationRemote Entrusting by Orthogonal Client Replacement. Ceccato Mariano 1, Mila Dalla Preda 2, Anirban Majumbar 3, Paolo Tonella 1.
Remote Entrusting by Orthogonal Client Replacement Ceccato Mariano, Mila Dalla Preda 2, Anirban Majumbar 3, Paolo Tonella Fondazione Bruno Kessler, Trento, Italy 2 University of Verona, Italy 3 University
More informationEURECOM 6/2/2012 SYSTEM SECURITY Σ
EURECOM 6/2/2012 Name SYSTEM SECURITY 5 5 5 5 5 5 5 5 10 50 1 2 3 4 5 6 7 8 9 Σ Course material is not allowed during the exam. Try to keep your answers precise and short. You will not get extra points
More informationCh. 3: The C in C++ - Continued -
Ch. 3: The C in C++ - Continued - QUIZ What are the 3 ways a reference can be passed to a C++ function? QUIZ True or false: References behave like constant pointers with automatic dereferencing. QUIZ What
More informationRuntime Defenses against Memory Corruption
CS 380S Runtime Defenses against Memory Corruption Vitaly Shmatikov slide 1 Reading Assignment Cowan et al. Buffer overflows: Attacks and defenses for the vulnerability of the decade (DISCEX 2000). Avijit,
More informationSoftware security, secure programming
Software security, secure programming Fuzzing and Dynamic Analysis Master on Cybersecurity Master MoSiG Academic Year 2017-2018 Outline Fuzzing (or how to cheaply produce useful program inputs) A concrete
More informationRemote Entrusting by Orthogonal Client Replacement
Remote Entrusting by Orthogonal Client Replacement Mariano Ceccato 1, Mila Dalla Preda 2, Anirban Majumdar 3, Paolo Tonella 1 1 Fondazione Bruno Kessler, Trento, Italy 2 University of Verona, Italy 3 University
More informationDarek Mihocka, Emulators.com Stanislav Shwartsman, Intel Corp. June
Darek Mihocka, Emulators.com Stanislav Shwartsman, Intel Corp. June 21 2008 Agenda Introduction Gemulator Bochs Proposed ISA Extensions Conclusions and Future Work Q & A Jun-21-2008 AMAS-BT 2008 2 Introduction
More informationSoftware Vulnerability
Software Vulnerability Refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanism of the system or the
More informationAutomatic Generation of Assembly to IR Translators Using Compilers
Automatic Generation of Assembly to IR Translators Using Compilers Niranjan Hasabnis and R. Sekar Stony Brook University, NY 8th Workshop on Architectural and Microarchitectural Support for Binary Translation
More informationCSCE 548 Building Secure Software Integers & Integer-related Attacks & Format String Attacks. Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Integers & Integer-related Attacks & Format String Attacks Professor Lisa Luo Spring 2018 Previous Class Buffer overflows can be devastating It occurs when the access
More informationLabeling Library Functions in Stripped Binaries
Labeling Library Functions in Stripped Binaries Emily R. Jacobson, Nathan Rosenblum, and Barton P. Miller Computer Sciences Department University of Wisconsin - Madison PASTE 2011 Szeged, Hungary September
More informationA generic approach to the definition of low-level components for multi-architecture binary analysis
A generic approach to the definition of low-level components for multi-architecture binary analysis Cédric Valensi PhD advisor: William Jalby University of Versailles Saint-Quentin-en-Yvelines, France
More informationProgram Testing via Symbolic Execution
Program Testing via Symbolic Execution Daniel Dunbar Program Testing via Symbolic Execution p. 1/26 Introduction Motivation Manual testing is difficult Program Testing via Symbolic Execution p. 2/26 Introduction
More informationStaticly Detect Stack Overflow Vulnerabilities with Taint Analysis
ITM Web of Conferences 47 7, 33 (6) DOI:.5/ itmconf/6733 ITA 6 Staticly Detect Stack Overflow Vulnerabilities with Taint Analysis Zhang XING, Zhang BIN,Feng CHAO and Zhang QUAN School of Electronic Science
More informationReverse Engineering Microsoft Binaries
Reverse Engineering Microsoft Binaries Alexander Sotirov asotirov@determina.com Recon 2006 Overview In the next one hour, we will cover: Setting up a scalable reverse engineering environment getting binaries
More informationMaking things work as expected
Making things work as expected System Programming Lab Maksym Planeta Björn Döbel 20.09.2018 Table of Contents Introduction Hands-on Tracing made easy Dynamic intervention Compiler-based helpers The GNU
More informationProtection. Thierry Sans
Protection Thierry Sans Protecting Programs How to lower the risk of a program security flaw resulting from a bug? 1. Build better programs 2. Build better operating systems Build Better Programs Why are
More informationLesson 2 Prototyping Embedded Software on Arduino on Arduino boards. Chapter-9 L02: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education
Lesson 2 Prototyping Embedded Software on Arduino on Arduino boards 1 Prototyping Embedded Software Develop the codes, design and test the embedded devices for IoT and M2M using the IDEs and development
More information