Automatic Patch-Based Exploit Generation
By David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng (IEEE Security and Privacy Symposium, May 2008)
Presented in OWASP IL 2008 by Yossi Oren
Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation, http://www.owasp.org

Here's a Situation:
- Microsoft just released a patch over Windows Update
- Your Internet connection is fast, so you got it first
- You have 1 hour to create an exploit
- Can you do it?
http://bit.ly/apeg OWASP

Can you do it?
Vulnerability                                      Time to Exploit (in seconds)
ASPNet Filter Information Disclosure (MS06-033)     11.57
GDI Integer Overflow (MS07-046)                     10.34
IGMP Denial of Service (MS06-007)                   29.07
PNG Buffer Overflow (MS05-025)                     104.28

How APEG works
1. Diff the patched binary and the old binary using a bindiffing tool (eEye EBDS)
2. Identify the new input sanitization checks
3. Generate candidate exploits (inputs that fail the new checks but pass the old ones)
4. Verify the candidate exploits using a taint analyzer (BitBlaze TEMU)

Countermeasures
- Obfuscate patches
- Encrypt patches, distribute the key only when everybody's ready
- Speed up patch distribution via P2P
- Ignore the problem

More information: http://bit.ly/apeg
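The "How APEG works" slide, steps 2 to 4, modelled on a constructed integer-overflow length check, as an added illustration that is not code from the paper or the slides. The old_check and patched_check functions are invented stand-ins for a pre- and post-patch sanitizer (they are not the code of any Microsoft component), the bindiff step is skipped by simply giving both predicates, and the powers-of-two search replaces the paper's symbolic solver; the point is that the patch delta predicate is a specification of the rejected inputs, which is equally usable as a detection rule while the unpatched population is still out there.

```python
"""Toy model of APEG steps 2-4 on a constructed length check."""
from itertools import product
from typing import List, Tuple

U32_MASK = 0xFFFFFFFF
BUF_SIZE = 4096  # constructed: size of the buffer the consumer writes into


def old_check(width: int, height: int, bpp: int) -> bool:
    """Pre-patch sanitizer (constructed): compares the 32-bit, wrapping
    product to BUF_SIZE, so a product that wraps past 2**32 passes."""
    return ((width * height * bpp) & U32_MASK) <= BUF_SIZE


def patched_check(width: int, height: int, bpp: int) -> bool:
    """Patched sanitizer (constructed): same test, plus a guard that the
    true product did not wrap. This guard is the 'new input sanitization
    check' that step 2 identifies from the bindiff."""
    if width * height * bpp > U32_MASK:
        return False
    return old_check(width, height, bpp)


def patch_delta(width: int, height: int, bpp: int) -> bool:
    """Inputs the patch rejects that the old version accepted. This is the
    predicate step 3 solves for; a defender can use the same predicate as a
    detection rule for traffic aimed at unpatched hosts."""
    return old_check(width, height, bpp) and not patched_check(width, height, bpp)


def generate_candidates(max_exp: int = 20) -> List[Tuple[int, int, int]]:
    """Step 3: find inputs satisfying patch_delta. The paper uses a symbolic
    solver; enumerating powers of two suffices for a wrap check."""
    dims = [1 << k for k in range(1, max_exp + 1)]
    return [(w, h, b) for w, h, b in product(dims, dims, (1, 2, 3, 4))
            if patch_delta(w, h, b)]


def violates_safety(width: int, height: int, bpp: int) -> bool:
    """Step 4 oracle (stand-in for TEMU's taint-based safety policy): would
    the pre-patch consumer, which loops over the true count, write past
    BUF_SIZE after the old check let the input through?"""
    bytes_written = width * height * bpp
    return old_check(width, height, bpp) and bytes_written > BUF_SIZE


def verified_candidates() -> List[Tuple[int, int, int]]:
    """Candidates that actually trigger the overflow in the old consumer."""
    return [c for c in generate_candidates() if violates_safety(*c)]
```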