In this talk, we will show cutting edge research and a tool built to accurately detect vulnerabilities. The tool leverages the standard program execution to detect the full dataflow of vulnerabilities at runtime. It can be used both offensively and defensively. We will show how RAVAGE can be used to detect vulnerabilities, generate exploits, and integrate the newly found exploits into existing exploitation frameworks. In addition to the offensive usage, it can also be used defensively by running existing non-security-related test cases to detect security vulnerabilities.
We will open source RAVAGE as well as design documentation at Black Hat.