Alex Bazhanyuk (Reverse Engineer, CISS) & Nikita Tarakanov (Reverse Engineer, CISS)
PRESENTATION TITLE: Automatically Searching for Vulnerabilities: How to Use Taint Analysis to Find Security Bugs
PRESENTATION ABSTRACT:
In this presentation, we will discuss The System of Automatic Searching for Vulnerabilities (SASV).
We will show how to use SASV and how to find vulnerabilities in fully automatic mode. We will demonstrate the automatic process of finding security bugs in kernel drivers of the Windows operating system and describe in depth the key mechanisms of SASV.
The SASV framework was developed by integrating IDA Pro and BitBlaze. The key mechanism of SASV is its taint propagation algorithm. We will talk about some real-life examples and some advanced algorithms, such as static taint analysis.
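To make the taint propagation idea concrete, here is a small forward taint propagator over a constructed instruction trace. This is an added illustration and is not code from SASV, BitBlaze or IDA Pro; the instruction tuple format, the register and buffer names, the `SystemBuffer` label and the `memcpy` sink policy are all assumptions made for the example. It marks the request's input buffer as the taint source, follows labels through register moves, loads and stores, and reports when a sink argument (here the copy length) is tainted. Note the caveat the second trace shows: the label is only cleared by an overwrite with a constant; a plain `cmp`/`ja` bounds check would not remove it, which is why real systems add sanitization rules or symbolic constraints on top of pure taint tracking.

```python
from dataclasses import dataclass, field


@dataclass
class TaintState:
    """Taint labels carried by each register and each byte of memory."""
    regs: dict = field(default_factory=dict)   # register name -> set of labels
    mem: dict = field(default_factory=dict)    # byte address   -> set of labels

    def reg(self, name):
        return self.regs.get(name, set())

    def mem_range(self, addr, size):
        labels = set()
        for a in range(addr, addr + size):
            labels |= self.mem.get(a, set())
        return labels

    def taint_memory(self, addr, size, label):
        """Mark a buffer as a taint source (e.g. the request's input buffer)."""
        for a in range(addr, addr + size):
            self.mem[a] = {label}


def propagate(state, trace, sinks):
    """Forward taint propagation over a constructed instruction trace.

    Supported trace entries (all constructed for this example):
      ("imm",   dst, value)          constant write: dst loses all taint
      ("mov",   dst, src)            dst takes src's labels
      ("add",   dst, src)            dst keeps its labels and gains src's
      ("load",  dst, addr, size)     dst takes the union of the bytes' labels
      ("store", addr, size, src)     each byte takes src's labels
      ("call",  name, [arg regs])    checked against `sinks`
    `sinks` maps a callee name to {argument index: description}.
    Returns a list of (trace index, callee, argument index, sorted labels).
    """
    findings = []
    for idx, ins in enumerate(trace):
        op = ins[0]
        if op == "imm":
            state.regs[ins[1]] = set()
        elif op == "mov":
            state.regs[ins[1]] = set(state.reg(ins[2]))
        elif op == "add":
            state.regs[ins[1]] = state.reg(ins[1]) | state.reg(ins[2])
        elif op == "load":
            state.regs[ins[1]] = state.mem_range(ins[2], ins[3])
        elif op == "store":
            labels = set(state.reg(ins[3]))
            for a in range(ins[1], ins[1] + ins[2]):
                state.mem[a] = set(labels)
        elif op == "call":
            name, args = ins[1], ins[2]
            for arg_idx in sinks.get(name, {}):
                labels = state.reg(args[arg_idx])
                if labels:
                    findings.append((idx, name, arg_idx, sorted(labels)))
        else:
            raise ValueError(f"unsupported op {op!r}")
    return findings


# Sink policy (assumed): a copy whose length argument is attacker-controlled
# is reported as a finding.
SINKS = {"memcpy": {2: "length"}}

# Constructed trace modelling an IOCTL handler: the caller's input buffer sits
# at 0x1000 (8 bytes), the driver's local buffer at 0x2000.
INPUT_BUF, INPUT_LEN, LOCAL_BUF = 0x1000, 8, 0x2000

UNCHECKED_TRACE = [
    ("load", "ecx", INPUT_BUF, 4),           # ecx = *(DWORD*)SystemBuffer
    ("mov",  "edx", "ecx"),                  # edx = caller-supplied length
    ("imm",  "edi", LOCAL_BUF),              # edi = local buffer
    ("imm",  "esi", INPUT_BUF + 4),          # esi = payload after the header
    ("call", "memcpy", ["edi", "esi", "edx"]),
]

CONSTANT_LENGTH_TRACE = [
    ("load", "ecx", INPUT_BUF, 4),
    ("imm",  "edx", 4),                      # length overwritten by a constant
    ("imm",  "edi", LOCAL_BUF),
    ("imm",  "esi", INPUT_BUF + 4),
    ("call", "memcpy", ["edi", "esi", "edx"]),
]


def analyze(trace):
    """Taint the input buffer, run the trace, return sink findings."""
    state = TaintState()
    state.taint_memory(INPUT_BUF, INPUT_LEN, "SystemBuffer")
    return propagate(state, trace, SINKS)


if __name__ == "__main__":
    print("unchecked:", analyze(UNCHECKED_TRACE))        # one finding at index 4
    print("constant: ", analyze(CONSTANT_LENGTH_TRACE))  # []
```

Running the module prints one finding for the unchecked trace (the tainted `edx` reaching `memcpy`'s length) and none for the constant-length trace. Per-byte memory labels are deliberate: a partially tainted dword still yields a tainted load, which matches how byte-granular dynamic taint trackers behave.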
ABOUT ALEX BAZHANYUK
I take part in the BitBlaze project: http://bitblaze.cs.berkeley.edu/ and work as a reverse engineer at CISS (Center of Innovative Security Solutions) http://cisscompany.com/. My responsibilities include developing fuzzers for R0 (syscall, ioctl) and R3 (browsers, office suites, Flash) and binary analysis. You can follow me on Twitter @ABazhanyuk
ABOUT NIKITA TARAKANOV
Nikita has worked as a security researcher at Positive Technologies, Vupen Security and CISS. He is the author of several materials about kernel vulnerabilities and exploitation in kernel land, and currently does vulnerability research on the problem of automatically searching for vulnerabilities.