O slideshow foi denunciado.
Seu SlideShare está sendo baixado. ×

Dynamic binary analysis using angr siddharth muralee

Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio

Confira estes a seguir

1 de 16 Anúncio
Anúncio

Mais Conteúdo rRelacionado

Mais de Cysinfo Cyber Security Community (20)

Anúncio

Mais recentes (20)

Dynamic binary analysis using angr siddharth muralee

  1. 1. DYNAMIC BINARY ANALYSIS USING ANGR Presented by : Siddharth M Cysinfo Meetup - July ‘17 1
  2. 2. About me ●Siddharth M ( @tr3x) ●2nd Year BTech CSE student at Amrita University ●Member of team bi0s ●Focusing on Reverse Engineering 2
  3. 3. www.ctftime.org3
  4. 4. Outline ●What is Binary Analysis ? ●Introduction to Angr ●Various uses of Angr ●Symbolic Execution ●Using Angr to perform SE ●Hooking ●Using Angr to perform Hooking 4
  5. 5. “ Process of analysing an executable to gain a better idea of its working is called Binary analysis 5
  6. 6. Why do we need to Automate it? ●Save a lot of time and effort ●Avoid human error ●Cost - effective ●Boring ●All factors accounted for 6
  7. 7. Angr ●Shellphish’s entry for DARPA’s CGC - came 3rd ●Python based framework ●Open Source ●Can detect and exploit vulnerabilities Installation instructions at angr.io www.angr.io7
  8. 8. Various uses of Angr ●Control Flow Graph recovery ●Symbolic Execution ●ROP chain generation ●Binary Hardening ●Exploit Generation 8
  9. 9. Symbolic Execution Analysing a program to determine the input/inputs to be given to make each part of the program to execute. 9
  10. 10. www.shellstorm.org 10
  11. 11. Angr and Symbolic Execution ● Symbolic variables ● Finds paths that are important ● Makes constrains related to the variable ● Solves those constraints using z3 11
  12. 12. Demo Challenge : unbreakable-enterprise Google CTF 2016 12
  13. 13. Hooking Hooking is a technique used while reverse engineering where certain instructions/calls are replaced with custom made functions and calls. 13
  14. 14. Hooking is used for ●Faster Reverse Engineering ●Tracing function calls ●Parameter checking ●Logging 14
  15. 15. Demo 2 15
  16. 16. Summary ●Angr uses symbolic variables and constraints to find out more about executable. ●Angr can hook functions ●Paths , Path groups ●States - entry state , blank state ●explore - find, avoid ●se - solver engine ● Claripy ●Library functions 16

×