
Update README.md

dguido committed Nov 22, 2017
1 parent 1448ceb commit 4a6fa79de4b985f1453d6fa17c8ec85d3607b3eb
Showing with 4 additions and 10 deletions.
  1. +4 −10 Automated Exploit Generation/README.md
@@ -1,13 +1,8 @@
## Binary Constraint Solving: Automatic Exploit Generation
## Binary Constraint Solving for Automatic Exploit Generation
Talk Description:
"Practical Uses of Program Analysis to Enable Automatic Exploit Generation"
This talk will show how to perform a control flow attack against a complex, stand-alone application. Specifically, how to use mcsema, LLVM, and satisfiability solvers to discover a targeted execution path using side channel analysis. I show how to traverse this path to collect path constraints and solve for user input which would give us the desired output. This process can then be applied to any targeted behavior in a program, from finding known vulnerability characteristics to simply supplying the correct input to a ‘crackme’ binary. Practical uses of program analysis will be presented and explained including instrumentation, symbolic execution, and concolic execution, both in theory and in practice, and tools for each type of analysis.
This talk will show how to perform a full chain control flow attack against a complex, stand-alone application. Specifically, how to use mcsema, llvm, and satisfiability solvers to discover a targeted execution path using side channel analysis. From this we show how to traverse this path to collect path constraints and solve for user input which would give us the desired output. This process can then be applied to any targeted behavior in a program, from finding known vulnerability characteristics to simply supplying the correct input to a ‘crackme’ binary.
Practical uses of program analysis will be presented and explained. Including Instrumentation, Symbolic and Concolic Execution, both in theory, in practice, and tools for each type.
A demonstration will conclude the talk by solving an obfuscated ‘crackme’ challenge using the above described process as well as a mini ‘competition’ by running a pintool solver and a pysymemu solver against the same binary and comparing to see which gets the flag first.
The talk will conclude with a demonstration that uses the tools described to solve an obfuscated ‘crackme’ challenge, and a ‘competition’ between a pintool solver and a pysymemu solver that compares which can extract the flag from the same binary first.
Presented at
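Review bot: the new description mixes voice: it opens with "This talk will show how to perform a control flow attack" and then switches to first person in "I show how to traverse this path to collect path constraints"; keep one subject throughout, e.g. "The talk then shows how to traverse this path to collect path constraints and solve for user input". The collapse of the two old paragraphs into one is fine, and the capitalization fix (llvm → LLVM, Instrumentation → instrumentation) is correct, but "Talk Description:" is left as a bare label under a ## heading; either make it a subheading or drop the colon so it reads like the "Presented at" and "Resources" labels below.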
@@ -17,8 +12,7 @@ Presented at
Resources
* Whitepapers: [Trail of Bits blog - Coming soon]()
* Slides: [sophia.re](http://www.sophia.re/AEG/index.html)
* Slides: [Automated Exploit Generation](/presentations/Automated%20Exploit%20Generation/AEG.pptx)
Author
* Sophia D'Antoine
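Review bot: the new slides link is a root-relative path `/presentations/Automated%20Exploit%20Generation/AEG.pptx`, while the file header for this change shows the README at `Automated Exploit Generation/README.md`, i.e. the talk folder sits at the repository root with no `presentations/` prefix; on GitHub a leading-slash link resolves against the repository root, so this link will only work if a `presentations/` directory actually exists. A same-directory relative link, `* Slides: [Automated Exploit Generation](AEG.pptx)`, resolves correctly wherever the folder is mounted. Separately, the unchanged line `* Whitepapers: [Trail of Bits blog - Coming soon]()` has an empty link target and renders as a broken link; plain text without the link syntax is clearer until the post exists.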
