Lightning Talk: Discovering A New Class Of Vulnerability Through Binary Analysis presented at t2 2009

by Christien ( Dildog ) Rioux (Veracode ),

Tags: Security

Summary : Working on a deep binary analysis and decompilation system has resulted in the discovery of a few new types of vulnerabilities not currently being discussed. This is because these vulnerabilities are more obvious when you are trying to reconcile the 'meaning' of a program from its representation, and one finds curious discontinuities from one's the binary input. This quick presentation will discuss one of the types of flaws that we discovered when building support for a difficult-to-analyze customer program at Veracode. This will be a technical presentation with discussion of flaw identification, exploitation, and remediation.