Clik here to view.
A Preview of McSema
On June 28th Artem Dinaburg and Andrew Ruef will be speaking at REcon 2014 about a project named McSema. McSema is a framework for translating x86 binaries into LLVM bitcode. This translation is the...
View ArticleClik here to view.
McSema is Officially Open Source!
We are proud to announce that McSema is now open source! McSema is a framework for analyzing and transforming machine-code programs to LLVM bitcode. It supports translation of x86 machine code,...
View ArticleClik here to view.
Close Encounters with Symbolic Execution
At THREADS 2014, I demonstrated a new capability of mcsema that enables the use of KLEE, a symbolic execution framework, on software available only in binary form. In the talk, I described how to use...
View ArticleClik here to view.
Close Encounters with Symbolic Execution (Part 2)
This is part two of a two-part blog post that shows how to use KLEE with mcsema to symbolically execute Linux binaries (see the first post!). This part will cover how to build KLEE, mcsema, and provide...
View ArticleClik here to view.
How We Fared in the Cyber Grand Challenge
The Cyber Grand Challenge qualifying event was held on June 3rd, at exactly noon Eastern time. At that instant, our Cyber Reasoning System (CRS) was given 131 purposely built insecure programs. During...
View ArticleClik here to view.
Hacking for Charity: Automated Bug-finding in LibOTR
At the end of last year, we had some free time to explore new and interesting uses of the automated bug-finding technology we developed for the DARPA Cyber Grand Challenge. While the rest of the...
View ArticleClik here to view.
Windows network security now easier with osquery
Today, Facebook announced the successful completion of our work: osquery for Windows. “Today, we’re excited to announce the availability of an osquery developer kit for Windows so security teams can...
View ArticleClik here to view.
Let’s talk about CFI: clang edition
Our previous blog posts often mentioned control flow integrity, or CFI, but we have never explained what CFI is, how to use it, or why you should care. It’s time to remedy the situation! In this blog...
View ArticleClik here to view.
Let’s talk about CFI: Microsoft Edition
We’re back with our promised second installment discussing control flow integrity. This time, we will talk about Microsoft’s implementation of control flow integrity. As a reminder, control flow...
View ArticleClik here to view.
The Challenges of Deploying Security Mitigations
This blog has promoted control flow integrity (CFI) as a game changing security mitigation and encouraged its use. We wanted to take our own security advice and start securing software we use. To that...
View ArticleClik here to view.
An accessible overview of Meltdown and Spectre, Part 1
In the past few weeks the details of two critical design flaws in modern processors were finally revealed to the public. Much has been written about the impact of Meltdown and Spectre, but there is...
View ArticleClik here to view.
An accessible overview of Meltdown and Spectre, Part 2
This is the second half of our blog post on the Meltdown an Spectre vulnerabilities, describing Spectre Variant 1 (V1) and Spectre Variant 2 (V2). If you have not done so already, please review the...
View ArticleClik here to view.
Protecting Software Against Exploitation with DARPA’s CFAR
Today, we’re going to talk about a hard problem that we are working on as part of DARPA’s Cyber Fault-Tolerant Attack Recovery (CFAR) program: automatically protecting software from 0-day exploits,...
View ArticleFuzzing Like It’s 1989
With 2019 a day away, let’s reflect on the past to see how we can improve. Yes, let’s take a long look back 30 years and reflect on the original fuzzing paper, An Empirical Study of the Reliability of...
View ArticleClik here to view.
Fuzzing In The Year 2000
It is time for the second installment of our efforts to reproduce original fuzzing research on modern systems. If you haven’t yet, please read the first part. This time we tackle fuzzing on Windows by...
View ArticleTSC Frequency For All: Better Profiling and Benchmarking
Have you ever tried using LLVM’s X-Ray profiling tools to make some flame graphs, but gotten obscure errors like: ==65892==Unable to determine CPU frequency for TSC accounting. ==65892==Unable to...
View ArticleClik here to view.
64 Bits ought to be enough for anybody!
How quickly can we use brute force to guess a 64-bit number? The short answer is, it all depends on what resources are available. So we’re going to examine this problem starting with the most naive...
View Article
