PAPER: Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case)

To: "FULLDISC" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: PAPER: Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case)
From: "Piotr Bania" <bania.piotr@xxxxxxxxx>
Date: Mon, 18 May 2009 14:32:01 +0200
Cc: "SBUGTRAQ" <bugtraq@xxxxxxxxxxxxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to:cc:subject :date:mime-version:content-type:content-transfer-encoding:x-priority :x-msmail-priority:x-mailer:x-mimeole; bh=LLLNTfaulI9+hlAIqxVqBarOewMCiv87bh5oLscF86w=; b=r3VTROn7T3mOdFuSesIBY/lxKhUMGkiKa1XrZKbsHK+5/PVTye4g+no+tBFFj4Sfav za9rJovCmehpX3JKSm0wsJWEs5G5ZHe0sywKt3hXeDncA5fyW29ZQHSFbIRkfQ1p8oWo 5J4K12GEeyOmzMdB+PVv3NC88177QWMd4nY60=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:cc:subject:date:mime-version:content-type :content-transfer-encoding:x-priority:x-msmail-priority:x-mailer :x-mimeole; b=qodABPxeT368F1Lb1nD0z8GQEWLNBbeJgPiU9c+M3jbZiHd6iZcpKVdKD7zzbhk3S+ W0JqED8H3CUaCjJNn4st30Xe+Ochz/rWcYJ/CzIHsDRnXc4fUc2OctEeJ62pZQjmt+rh lEtSUb96v0ufnU0qrirBEgpEv+7htt9EFq0mQ=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

SpiderPig is a project created for performing and visualizing data flowanalysis of a selected binary program. SpiderPig was created in the purposeof providing a tool which would be able to help vulnerability and securityresearchers with tracing and analyzing any necessary data and it's furtherpropagation. Such tasks are very often crucial in the vulnerabilitydiscovering/identifying process and typically require a lot of timeconsuming manual work. Following paper discusses methods and techniquesimplemented in SpiderPig in order to perform semi-automatic data flowanalysis.


Paper is available here:
http://piotrbania.com/all/spiderpig/pbania-spiderpig2008.pdf


Simple video demo and some other things available on project website:
http://piotrbania.com/all/spiderpig/


best regards,
Piotr Bania

--
--------------------------------------------------------------------
Piotr Bania - <bania.piotr@xxxxxxxxx> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A  BFA4 1FF6 689F BE43 AC33
http://www.piotrbania.com  - Key ID: 0xBE43AC33
--------------------------------------------------------------------

              - "The more I learn about men, the more I love dogs."


P.S Did ya know adult pigs can run at speeds of up to 11 miles an hour?

Prev by Date: rPSA-2009-0086-1 postgresql postgresql-contrib postgresql-server
Next by Date: ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
Previous by thread: rPSA-2009-0086-1 postgresql postgresql-contrib postgresql-server
Next by thread: ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
Index(es):
- Date
- Thread