O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Dynamic binary analysis using angr siddharth muralee

Dynamic binary analysis using angr siddharth muralee

More info : https://cysinfo.com/10th-quarterly-meetup-29th-july-2017/

  • Entre para ver os comentários

Dynamic binary analysis using angr siddharth muralee

  1. 1. DYNAMIC BINARY ANALYSIS USING ANGR Presented by : Siddharth M Cysinfo Meetup - July ‘17 1
  2. 2. About me ●Siddharth M ( @tr3x) ●2nd Year BTech CSE student at Amrita University ●Member of team bi0s ●Focusing on Reverse Engineering 2
  3. 3. www.ctftime.org3
  4. 4. Outline ●What is Binary Analysis ? ●Introduction to Angr ●Various uses of Angr ●Symbolic Execution ●Using Angr to perform SE ●Hooking ●Using Angr to perform Hooking 4
  5. 5. “ Process of analysing an executable to gain a better idea of its working is called Binary analysis 5
  6. 6. Why do we need to Automate it? ●Save a lot of time and effort ●Avoid human error ●Cost - effective ●Boring ●All factors accounted for 6
  7. 7. Angr ●Shellphish’s entry for DARPA’s CGC - came 3rd ●Python based framework ●Open Source ●Can detect and exploit vulnerabilities Installation instructions at angr.io www.angr.io7
  8. 8. Various uses of Angr ●Control Flow Graph recovery ●Symbolic Execution ●ROP chain generation ●Binary Hardening ●Exploit Generation 8
  9. 9. Symbolic Execution Analysing a program to determine the input/inputs to be given to make each part of the program to execute. 9
  10. 10. www.shellstorm.org 10
  11. 11. Angr and Symbolic Execution ● Symbolic variables ● Finds paths that are important ● Makes constrains related to the variable ● Solves those constraints using z3 11
  12. 12. Demo Challenge : unbreakable-enterprise Google CTF 2016 12
  13. 13. Hooking Hooking is a technique used while reverse engineering where certain instructions/calls are replaced with custom made functions and calls. 13
  14. 14. Hooking is used for ●Faster Reverse Engineering ●Tracing function calls ●Parameter checking ●Logging 14
  15. 15. Demo 2 15
  16. 16. Summary ●Angr uses symbolic variables and constraints to find out more about executable. ●Angr can hook functions ●Paths , Path groups ●States - entry state , blank state ●explore - find, avoid ●se - solver engine ● Claripy ●Library functions 16

×