ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically

DEF CON 18

Presented by: Jeongwook Oh
Date: Sunday August 01, 2010
Time: 16:00 - 16:50
Location: Royale 6-7-8
Track: Track 4

This is a new method to expedite the binary diffing process. Most of the time spent analyzing security patches goes into finding the patched parts of the binary. In some cases one patch contains multiple patches and feature updates. Such mixed patches make the analysis very difficult and time consuming. That's where our new security patch recognition technology kicks in. We're presenting general signature-based security patch recognition and also a method combined with static taint analysis. With both methods implemented, we are presenting the new DarunGrim 3 at this year's Defcon. It'll be a must-have tool for security researchers who are looking for free 1-day exploits.

Jeongwook Oh

Jeongwook Oh started his career as a firewall developer back in the mid-90s. After that he spent a few years doing security audits and penetration testing. Finally, he moved to California, joined the eEye crew and did some IPS stuff. It involved userland and kernel-land hacking. Now he's working for WebSense Inc, where he does research related to malware and exploit detection.

