Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automatic Patch-Based Exploit Generation

Published byMorgan Young Modified over 6 years ago

Similar presentations

Presentation on theme: "Automatic Patch-Based Exploit Generation"— Presentation transcript:

1 Automatic Patch-Based Exploit Generation
By David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng (IEEE Security and Privacy Symposium, May, 2008) Presented in OWASP IL 2008 by Yossi Oren Carnegie Mellon University (Silicon Valley) מי מכיר את ההתקפה הזו?

2 Microsoft just released a patch over Windows Update
Here’s a Situation: Microsoft just released a patch over Windows Update Your Internet connection is fast, so you got it first You have 1 hour to create an exploit Can you do it? לא שיחררו patch סתם – זה בא לפתור משהו. בוא נגלה מה זה בא לפתור ונייצר התקפה

3 Can you do it? Vulnerability Time to Exploit (in seconds)
ASPNet Filter Information Disclosure (MS06-033) 11.57 GDI Integer Overflow (MS07-046) 10.34 IGMP Denial of Service (MS06-007) 29.07 PNG Buffer Overflow (MS05-025) 104.28

4 Identify new input sanitization checks
How APEG works Diff patched binary and old binary using a bin-diffing tool (eEye EBDS) Identify new input sanitization checks Generate candidate exploits (they fail the new checks but pass the old ones) Verify candidate exploits using a taint analyzer (BitBlaze TEMU) TEMU is built upon a whole-system emulator, QEMU

5 Countermeasures Obfuscate patches Encrypt patches, distribute the key only when everybody’s ready Speed up patch distribution via P2P Ignore the problem

6 More information:

Download ppt "Automatic Patch-Based Exploit Generation"

Similar presentations

SM Online Group Administration Technical Configuration & Testing O L G A.

SM Online Group Administration Technical Configuration & Testing O L G A.
Binary Analysis for Botnet Reverse Engineering & Defense Dawn Song UC Berkeley.

Binary Analysis for Botnet Reverse Engineering & Defense Dawn Song UC Berkeley.
Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.
Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices Steve Hanna 1, Rolf Rolles 4, Andres.

Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices Steve Hanna 1, Rolf Rolles 4, Andres.
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software Paper by: James Newsome and Dawn Song.

Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software Paper by: James Newsome and Dawn Song.
SMU SRG reading by Tey Chee Meng: Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications by David Brumley, Pongsin Poosankam,

SMU SRG reading by Tey Chee Meng: Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications by David Brumley, Pongsin Poosankam,
David Brumley, Pongsin Poosankam, Dawn Song and Jiang Zheng Presented by Nimrod Partush.

David Brumley, Pongsin Poosankam, Dawn Song and Jiang Zheng Presented by Nimrod Partush.
Differential Slicing: Identifying Causal Execution Differences for Security Applications Noah M. Johnson 1, Juan Caballero 2, Kevin Zhijie Chen 1, Stephen.

Differential Slicing: Identifying Causal Execution Differences for Security Applications Noah M. Johnson 1, Juan Caballero 2, Kevin Zhijie Chen 1, Stephen.
Bug Isolation via Remote Program Sampling Ben Liblit, Alex Aiken, Alice X.Zheng, Michael I.Jordan Presented by: Xia Cheng.

Bug Isolation via Remote Program Sampling Ben Liblit, Alex Aiken, Alice X.Zheng, Michael I.Jordan Presented by: Xia Cheng.
Software Security Lecture 0 Fang Yu Dept. of MIS National Chengchi University Spring 2011.

Software Security Lecture 0 Fang Yu Dept. of MIS National Chengchi University Spring 2011.
Vigilante: End-to-End Containment of Internet Worms M. Costa et al. (MSR) SOSP 2005 Shimin Chen LBA Reading Group.

Vigilante: End-to-End Containment of Internet Worms M. Costa et al. (MSR) SOSP 2005 Shimin Chen LBA Reading Group.
1 Loop-Extended Symbolic Execution on Binary Programs Pongsin Poosankam ‡* Prateek Saxena * Stephen McCamant * Dawn Song * ‡ Carnegie Mellon University.

1 Loop-Extended Symbolic Execution on Binary Programs Pongsin Poosankam ‡* Prateek Saxena * Stephen McCamant * Dawn Song * ‡ Carnegie Mellon University.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
IT:Network:Microsoft Applications

IT:Network:Microsoft Applications
SUS Services ECE Computer Facilities. SUS Services Software Update Services Microsoft Security And Critical Update Service Microsoft Security And Critical.

SUS Services ECE Computer Facilities. SUS Services Software Update Services Microsoft Security And Critical Update Service Microsoft Security And Critical.
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.

1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.

1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.
Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.

Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.
A Framework for Automated Web Application Security Evaluation

A Framework for Automated Web Application Security Evaluation
Exploitation: Buffer Overflow, SQL injection, Adobe files Source:

Exploitation: Buffer Overflow, SQL injection, Adobe files Source:

Similar presentations

Ads by Google