Vulncatcher: Fun With Vtrace And Programmatic Debugging presented at ShmooCon 2008

by Atlas ,

Tags: Security Unix

Summary : Many hours are spent researching vulnerabilities in proprietary and open source software for each bug found. Many indicators of potential vulnerabilities are visible both in the disassembly and debugging, if you know what to look for. How much can be automated? VulnCatcher illustrates the power of programmatic debugging using the VTRACE libraries for cross-platform debugging.
atlas is an average joe who spends his time learning new ways to make computer systems dance. When he's not slicing and dicing windows and unix binaries, he's writing tools to make vulnerability research simpler and more enjoyable. His hobbies include deadlisting (opcode disassembly), vulnerability research, and lately he's been working on processor emulation and kernel-mode internals. atlas leads the capture-the-flag team, 1@stplace, who recently won back-to-back victories at defcon, which he blames on his teammates. "I surround myself with brilliant people," he quips.