BugId - automated bug analysis

Author(s): Berend-Jan Wever
Category: Vulnerability Development
Duration: 45
Summary: Whether you are looking for vulns or handling vulns reported by others,
at some point you're going to have a repro that crashes an application,
and you're going to want to know as much as possible about the bug it
triggers while spending as little time and effort as possible.
What you want is automated bug detection, analysis, triaging and
bucketizing. That is what BugId was designed to do, and this talk will
explain how it works.

BugId is a Python script that runs a Windows application in a debugger,
using page heap to detect memory corruption and out-of-bounds access
early. It handles exceptions and reports bugs not as "access violation"
but as "heap use-after-free", "heap out-of-bounds read", "NULL pointer
dereference", etc. It will tell you how big the relevant memory block is
and the offset at which the code is trying to access it. It will tell
you whether the bug is likely to be exploitable and what an attacker would
need to do to exploit it. It can collect a large number of details and
write them into a human-readable, HTML-formatted report.
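To make the classification step concrete, here is a small crash bucketizer in the spirit of what the abstract describes. It is an added example, not BugId's own code: the crash records and heap blocks are constructed, and the page size, the "NULL page" limit and the exploitability heuristic are assumptions chosen for illustration. Under page heap every allocation is followed by an unmapped guard page and freed blocks stay unmapped, so the faulting address can be matched against the known blocks to derive the bug type, block size and offset, which together form a bucket id for deduplication.

```python
from dataclasses import dataclass, field

PAGE_SIZE = 0x1000          # assumption: 4 KiB pages, one guard page per block
NULL_PAGE_LIMIT = 0x10000   # assumption: the low 64 KiB is never mapped

@dataclass
class HeapBlock:
    start: int
    size: int
    freed: bool = False     # page heap leaves freed blocks unmapped

@dataclass
class Crash:
    exception: str          # e.g. "ACCESS_VIOLATION" (constructed record)
    access: str             # "read", "write" or "execute"
    address: int            # faulting address reported by the debugger
    blocks: list = field(default_factory=list)  # heap blocks known at crash time

def _find_block(address, blocks):
    """Return (block, offset) for the block whose guard region covers address."""
    for blk in blocks:
        offset = address - blk.start
        # A fault inside the block (freed), in the guard page after it, or in
        # the page before it is attributed to this block.
        if -PAGE_SIZE <= offset < blk.size + PAGE_SIZE:
            return blk, offset
    return None, None

def classify(crash):
    """Turn a raw exception into a named bug with size, offset and a rough
    exploitability estimate (heuristic, constructed for this example)."""
    if crash.exception != "ACCESS_VIOLATION":
        return {"id": crash.exception.lower(), "exploitable": "unknown"}
    if crash.address < NULL_PAGE_LIMIT:
        return {"id": f"NULL pointer dereference {crash.access}",
                "offset": crash.address, "exploitable": "unlikely"}
    blk, offset = _find_block(crash.address, crash.blocks)
    if blk is None:
        return {"id": f"access violation {crash.access} at unknown address",
                "address": crash.address, "exploitable": "unknown"}
    if blk.freed and 0 <= offset < blk.size:
        kind = "heap use-after-free"
        likely = "likely" if crash.access != "read" else "possible"
    else:
        kind = "heap out-of-bounds"
        likely = "likely" if crash.access != "read" else "unlikely"
    return {"id": f"{kind} {crash.access}", "block_size": blk.size,
            "offset": offset, "exploitable": likely}

def bucket(result):
    """Stable string used to group crashes that are the same bug."""
    if "block_size" in result:
        return f"{result['id']}[{result['block_size']:#x}]@{result['offset']:#x}"
    return result["id"]

# Constructed sample data: one live 0x20-byte block and one freed 0x40-byte block.
SAMPLE_BLOCKS = [HeapBlock(0x10000000, 0x20), HeapBlock(0x20000000, 0x40, freed=True)]
SAMPLE_CRASHES = [
    Crash("ACCESS_VIOLATION", "read", 0x10000028, SAMPLE_BLOCKS),   # 8 bytes past end
    Crash("ACCESS_VIOLATION", "write", 0x20000010, SAMPLE_BLOCKS),  # write into freed block
    Crash("ACCESS_VIOLATION", "read", 0x8, SAMPLE_BLOCKS),          # NULL + 8
    Crash("ACCESS_VIOLATION", "read", 0x0FFFFFF8, SAMPLE_BLOCKS),   # 8 bytes before start
]

if __name__ == "__main__":
    for c in SAMPLE_CRASHES:
        r = classify(c)
        print(f"{bucket(r):48} exploitable={r['exploitable']}")
```

The bucket string deliberately includes block size and offset, since two crashes with the same instruction but different offsets into different-sized blocks usually indicate different bugs; a real triage tool would additionally fold in the faulting code location.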

Since my fuzzing framework finds more than one unique bug a day, I've
integrated BugId into it to triage and bucketize my bugs. It allows me
to prioritize the interesting vulnerabilities and jump-starts analysis by
telling me most of the basic information I need before I've even started
a debugger.

Comments

magicmac

Yes! I've been following Skylined's work and it's simply brilliant. It would be amazing to see him live showing us BugId, apparently a time saver when triaging memory corruption bugs.


tuviejaenbolas

Looks like a very good talk!


mitjakolsek

Sounds like a very useful tool for bug hunters. I'm a fan of everything that makes vulnerability analysis easier and quicker.


petermbele

Awesome tool. I use it daily


41w4r10r

Awesome tool, already using it and looking forward to knowing more about it.


zenhumany

Awesome tool. Expect you to talk about the fuzzer method.