Automated 0-Day Discovery in Binaries – Squashing the Low-Hanging Fruit @ OWASP IL Meetup
Join JFrog's Shachar Menashe for this in-person event at the JFrog TLV Swamp!
January 6, 2023
Automated 0-Day Discovery in Binaries – Squashing the Low-Hanging Fruit
In recent years, publicly available frameworks such as Ghidra, AFL and Angr have put the “holy grail” of vulnerability research within our grasp: real-world automated 0-day identification, without any reliance on source code and with zero or minimal pre-configuration. After briefly presenting the INFRA:HALT vulnerabilities (affecting the HCC embedded TCP/IP stack) and discussing exploitation techniques for the most critical ones in the batch, we will treat them as a case study to present a myriad of contemporary techniques for detecting vulnerabilities through static analysis of binary firmware images. This will include data flow analysis, symbolic execution and standard library function detection through emulation.
Shachar Menashe, Sr. Director Security Research at JFrog
Shachar has more than 15 years of experience in security research & engineering, including low-level R&D, reverse engineering and vulnerability research. He currently leads the security research division at JFrog, specializing in automated vulnerability research techniques.