DPTrace: Dual Purpose Trace for Exploitability Analysis of Program Crashes

by Rodrigo Rubira Branco, Rohit Mothe
Sept. 15, 2017 | Source: www.blackhat.com | Posted by belen_caty | Category: Pen Testing & Audits

This research focuses on determining the practical exploitability of software issues by means of crash analysis. The goal was not to generate exploits automatically, nor even to fully automate the entire crash-analysis process, but to provide a holistic, feedback-oriented approach that augments a researcher's efforts in triaging the exploitability and impact of a program crash (or fault). The result is a semi-automated crash-analysis framework that can speed up the work of an exploit writer (analyst). Fuzzing, a powerful method for vulnerability discovery, keeps getting more popular in all segments of the industry, from developers to bug hunters. As fuzzing frameworks become more sophisticated (and intelligent), the burden on product security teams and exploit analysts of triaging the constant influx of bug reports and associated crashes received from external researchers has increased dramatically.
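To make the triage problem the abstract describes concrete, here is an added example of the kind of first-pass crash classifier an analyst would run over a batch of fuzzer crashes before spending manual effort on any of them. This is not DPTrace's own code or algorithm; the page does not describe how DPTrace's trace works, so the heuristics below (corrupted program counter, write versus read access violation, near-NULL dereference, stack-canary abort, whether a taint trace tied the fault to input) are a simplified triage scheme of my own, and the `key=value` crash-record format and all sample records are constructed for the example.

```python
"""Toy crash-triage classifier for a batch of fuzzer-generated crashes.

Added example, not DPTrace's own code. The record format and heuristics
are assumptions chosen for illustration; real triage tools use richer
signals (register state, disassembly at the fault, heap metadata checks).
"""
from dataclasses import dataclass
from typing import Optional, List

# Coarse buckets, ordered from most to least urgent for manual review.
BUCKETS = ["EXPLOITABLE", "PROBABLY_EXPLOITABLE", "UNKNOWN", "PROBABLY_NOT_EXPLOITABLE"]
RANK = {name: i for i, name in enumerate(BUCKETS)}


@dataclass
class CrashRecord:
    crash_id: str
    signal: str                 # e.g. "SIGSEGV", "SIGABRT", "SIGFPE"
    access: Optional[str]       # "read", "write", "exec" or None if unknown
    fault_addr: Optional[int]   # faulting data address, if any
    pc: int                     # program counter at the fault
    pc_in_mapped_code: bool     # was PC inside a mapped executable region?
    stack_canary_hit: bool      # did the crash come from a stack-protector check?
    tainted_by_input: bool      # did a taint trace link the fault to fuzzer input?


def parse_record(line: str) -> CrashRecord:
    """Parse one constructed 'key=value key=value ...' crash line."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    hexval = lambda s: None if s in ("-", "") else int(s, 16)
    return CrashRecord(
        crash_id=kv["id"],
        signal=kv["signal"],
        access=None if kv.get("access", "-") == "-" else kv["access"],
        fault_addr=hexval(kv.get("addr", "-")),
        pc=int(kv["pc"], 16),
        pc_in_mapped_code=kv.get("mapped", "1") == "1",
        stack_canary_hit=kv.get("canary", "0") == "1",
        tainted_by_input=kv.get("taint", "0") == "1",
    )


def classify(rec: CrashRecord) -> str:
    """Assign a coarse exploitability bucket using simple heuristics."""
    if rec.stack_canary_hit:
        # A stack-protector abort means a stack buffer was overwritten.
        return "EXPLOITABLE"
    if rec.signal == "SIGSEGV":
        if not rec.pc_in_mapped_code:
            # Execution left mapped code: the program counter itself was corrupted.
            return "EXPLOITABLE"
        if rec.access == "write":
            # Invalid write; input-controlled target makes it a strong candidate.
            return "EXPLOITABLE" if rec.tainted_by_input else "PROBABLY_EXPLOITABLE"
        if rec.access == "read":
            if rec.fault_addr is not None and rec.fault_addr < 0x1000:
                # Near-NULL read: usually a plain NULL dereference (DoS only).
                return "PROBABLY_NOT_EXPLOITABLE"
            return "PROBABLY_EXPLOITABLE" if rec.tainted_by_input else "UNKNOWN"
        return "UNKNOWN"
    if rec.signal in ("SIGFPE", "SIGABRT"):
        # Divide-by-zero or an explicit abort/assert: clean failure, no memory corruption shown.
        return "PROBABLY_NOT_EXPLOITABLE"
    return "UNKNOWN"


def triage(lines: List[str]) -> List[tuple]:
    """Classify every crash line and return (crash_id, bucket) sorted by urgency."""
    results = [(r.crash_id, classify(r)) for r in map(parse_record, lines)]
    return sorted(results, key=lambda t: (RANK[t[1]], t[0]))


# Constructed sample crash records (not real crash data).
SAMPLE_CRASHES = [
    "id=c001 signal=SIGSEGV access=read  addr=0x8        pc=0x400b10 mapped=1 canary=0 taint=0",
    "id=c002 signal=SIGSEGV access=write addr=0x7ffc1000 pc=0x400abc mapped=1 canary=0 taint=1",
    "id=c003 signal=SIGSEGV access=exec  addr=0x41414141 pc=0x41414141 mapped=0 canary=0 taint=1",
    "id=c004 signal=SIGABRT access=-     addr=-          pc=0x7f00dead mapped=1 canary=0 taint=0",
    "id=c005 signal=SIGSEGV access=read  addr=0x7f12aa00 pc=0x400c44 mapped=1 canary=0 taint=0",
]

if __name__ == "__main__":
    for crash_id, bucket in triage(SAMPLE_CRASHES):
        print(f"{crash_id}: {bucket}")
```

The output is a worklist ordered so that crashes with corrupted control flow or input-controlled writes come first and likely NULL dereferences and clean aborts come last; an analyst then spends manual (or trace-assisted) effort in that order rather than on whichever crash the fuzzer reported first.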


Steven Ulm 8 months ago

Really well-researched article! I learnt a lot from it!