Be a Binary Rockstar: Next-level static analyses for vulnerability research
Category: Vulnerability Research
Summary: Program analysis is often hampered when source code is not available. Many static program analysis tools depend on the availability of source code and cannot operate on binaries. One solution to this problem is to use intermediate languages (ILs), which allow advanced analysis but require lifting or translation from native instructions.
This talk will describe and release an example IL analysis plugin for automated discovery of a simple memory corruption vulnerability, using the Binary Ninja IL. A script for IL-based variable signedness analysis will also be described and released. The concepts of variable analysis, abstract interpretation, and integer range analysis will be discussed in the context of vulnerability discovery.