
Automating Windows Kernel Analysis With Symbolic Execution - Spencer McIntyre BSides Cleveland 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Automating Windows Kernel Analysis With Symbolic Execution
Spencer McIntyre

@zeroSteiner

Symbolic execution is changing the art of vulnerability research. This talk will discuss using the popular angr framework, specifically in the context of the Windows kernel. Because the technology is still new, it has inherent compatibility shortcomings; these will be discussed, with recommendations and detailed examples on how to address them. This portion of the talk will go over some technical details of the Windows kernel: how binaries are loaded, some control flow routines, and how they impact simulation within the angr framework. Finally, a case study will be provided on utilizing angr to automate the analysis necessary to triage kernel-mode drivers. Attendees will leave the talk with a high-level understanding of what symbolic execution is and familiarity with the basic functionality provided by the angr framework. They will also see an example of applying angr to solve a real-world problem while addressing its current limitations.

Spencer McIntyre works for a US-based consulting firm doing R&D. He is an avid open source contributor and Python enthusiast.



Copyright 2019, IronGeek
Louisville / Kentuckiana Information Security Enthusiast