Discovering Vulnerabilities Using IDA Scripting - SANS Pen Test HackFest Summit 2019

Channel:
United States SANS Institute
Subscribers:
64,000
Published on ● Video Link: https://www.youtube.com/watch?v=dWb3I3Zs_Cg


Duration: 39:14
1,728 views
50

View upcoming Summits: http://www.sans.org/u/DuS


Presenter:
Stephen Sims, (@Steph3nSims), Fellow, The SANS Institute


In this talk, we will walk through several examples of scripting with Interactive Disassembler (IDA) to discover vulnerabilities. We most often think of discovering bugs through the process of fuzzing, but understanding the inner workings of a bug class can enable you to find new bugs through static analysis and scripting. Similarly, this is also a benefit to performing binary diffing. If you determine how a type of vulnerability is patched at the assembly level, you can use that knowledge to identify the same vulnerability at other locations within the code.



Other Videos By SANS Institute


2020-05-27Threat Hunting and the Rise of Targeted eCrime Intrusions | STAR Webcast
2020-05-21Moving Past Just Googling It: Harvesting and Using OSINT | SANS@MIC Talk
2020-05-20Find_Evil - Threat Hunting | SANS@MIC Talk
2020-05-18Tricking modern endpoint security products | SANS@MIC Talk
2020-05-18Modern Domain Deception - The risk, issues and potentiality | SANS@MIC Talk
2020-05-14Cloud Native Payloads: A Matryoshka Doll of Exploits | SANS@MIC Talk
2020-05-14Incident Response in ICS in times of Lockdown | SANS@MIC Talk
2020-05-13SANS – Your Source for Cybersecurity Training – Live Online
2020-05-12Coalfire penetration testers charged with criminal trespass | SANS@MIC Talk
2020-05-12Using the OSINT Mind-State for Better Online Investigations | SANS@MIC Talk
2020-05-11Discovering Vulnerabilities Using IDA Scripting - SANS Pen Test HackFest Summit 2019
2020-05-07The Hackers Apprentice | SANS@MIC Talk
2020-05-07Information Security Misconceptions 2020 | SANS@MIC Talk
2020-05-05Course Preview: Successful Infosec Consulting, Getting Clients Deep Dive | SANS@MIC Talk
2020-05-05Accessing Data in the Cloud | SANS@MIC Talk
2020-04-30The SANS | GIAC Cybersecurity Training Experience: Get Ready for Something Phenomenal
2020-04-30Reflections of a New CISO: 5 Lessons Learned | SANS@MIC Talk
2020-04-30Driving Cybersecurity Change – Establishing a Culture of Protect, Detect and Respond Highlights
2020-04-28Modern Domain Deception - Risks, Limits and potentiality | SANS@MIC Talk
2020-04-28What Students Are Saying About SANS Live Online - New SANS Training Platform
2020-04-23Secure Video Conferencing - What to Train Your Workforce On | SANS@MIC Talk


Tags:
sans institute
information security
cyber security
cybersecurity
information security training
cybersecurity training
cyber security training
pen testing