This talk presents and explains practical uses of program analysis, including instrumentation, symbolic execution, and concolic execution, covering the theory, the practice, and the tools for each type. Specifically, this talk will show how to automatically generate an exploit against a complex, standalone application.
We show how to traverse program control flow to collect path constraints and solve for a desired execution. This process can then be applied to targeting generalized behavior in a program or finding known vulnerability characteristics. A demonstration will conclude the talk by solving an obfuscated ‘crackme’ challenge using the various methods described in the talk. A tool will be published alongside a white paper and the PowerPoint slides.
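The path-constraint collection and solving described above can be seen on a small scale in the following added example, which is not code from the talk or its published tool. The `check` routine and its constants are constructed, and a per-byte brute-force search stands in for the SMT solver a real concolic engine would call.

```python
class SymByte:
    """One input byte: its concrete value plus the expression applied so far."""
    def __init__(self, idx, val, expr=lambda b: b):
        self.idx, self.val, self.expr = idx, val, expr
    def _apply(self, f):
        e = self.expr
        return SymByte(self.idx, f(self.val) & 0xFF, lambda b: f(e(b)) & 0xFF)
    def __xor__(self, k): return self._apply(lambda v: v ^ k)
    def __add__(self, k): return self._apply(lambda v: v + k)
    def eq(self, k, trace):
        # Instrumentation: log the branch condition and the direction taken.
        taken = self.val == k
        trace.append((self.idx, lambda b, e=self.expr: e(b) == k, taken))
        return taken

def check(data, trace):
    """Constructed toy check; each branch tests one transformed input byte."""
    s = [SymByte(i, v) for i, v in enumerate(data)]
    if not (s[0] ^ 0x5A).eq(0x31, trace): return False
    if not ((s[1] + 0x10) ^ 0x22).eq(0x77, trace): return False
    if not (s[2] + 200).eq(0x14, trace): return False
    return (s[3] ^ 0xFF).eq(0x9E, trace)

def solve(constraints, seed):
    """Search each byte's 256-value domain; None means the path is infeasible."""
    out = bytearray(seed)
    for idx in {c[0] for c in constraints}:
        preds = [(p, want) for i, p, want in constraints if i == idx]
        fits = [b for b in range(256) if all(p(b) == want for p, want in preds)]
        if not fits:
            return None
        out[idx] = fits[0]
    return bytes(out)

def concolic(program, seed, max_runs=64):
    """Run concretely, then negate each logged branch to reach new paths."""
    queue, seen, runs = [seed], {seed}, 0
    while queue and runs < max_runs:
        data, trace = queue.pop(0), []
        runs += 1
        if program(data, trace):
            return data, runs
        for n, (idx, pred, taken) in enumerate(trace):
            # Keep branches 0..n-1 as executed and flip branch n.
            new = solve(trace[:n] + [(idx, pred, not taken)], data)
            if new is not None and new not in seen:
                seen.add(new)
                queue.append(new)
    return None, runs
```

Calling `concolic(check, bytes(4))` starts from an all-zero input and returns the accepted input together with the number of concrete runs it took, far fewer than the 256^4 candidates a blind search would face.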