Symbolic execution is changing the art of vulnerability research. This talk will
discuss using the popular angr framework, specifically within the context of the
Windows kernel. Because the technology is relatively new, there are inherent
compatibility shortcomings, which will be discussed along with recommendations
and detailed examples for addressing them. This portion of the talk will go
over some technical details of the Windows kernel, how binaries are loaded, some
control flow routines and how they impact simulation within the angr framework.
Finally, a case study will be provided on using angr to automate the analysis
necessary to triage kernel-mode drivers.

Attendees will leave the talk with a high-level understanding of what symbolic
execution is and familiarity with the basic functionality provided by the angr
framework. Finally, attendees will see an example of applying angr to solve a
real-world problem while addressing the current limitations.

Spencer McIntyre works for a US-based consulting firm doing R&D. He is an avid
open source contributor and Python enthusiast.
Copyright 2020, IronGeek