Presentations - Bug hunting using symbolic virtual machines

  • Location: Security Theater
  • Speaker: Anto Joseph
  • Date and time: 21. October 2017. 13:45 - 14:25

In this talk, we introduce the participants to the world of symbolic execution. It's uses in reverse engineering, fuzzing or vulnerability discovery is less known in the infosec community. We try to impart the basics to get up and running with the KLEE symbolic virtual machine and solve some interesting challenges.

Software Vulnerabilities like memory corruptions, certain logical bugs, complex arithmetic used for obfuscation  etc could be easily solved using symbolicexecution. Symbolic execution is well discussed in academic papers  , but it is not widely used by security researchers. It has been proved with tools like angr that they are remarkable in detecting vulnerabilities.

We have a ready to go docker image that has all the talk material  loaded with challenges which introduce participants the basic topics.


Sponsors:

Gold
Gold
Gold
Silver
Silver
Silver
Silver
Silver
Silver
Bronze
JOB
Technical