Newsletter
By applying traditional fuzzing techniques, we achieved high throughput SMT constraint solving. We were able to achieve 23 billion execs/s using GPU acceleration. SMT solvers typically apply very complicated algorithms to determine if a set of constraints is satisfiable (and produce a solution). The approach that we have taken
Newsletter
This year’s CSAW quals was the first time I authored a challenge, the challenge is called krakme and it was a 200pt rev challenge. You can view the challenge files in the repo here. The idea for this challenge was formed after reading this paper The impact of GPU-assisted
Newsletter
CTF Writeup for DawgCTF 2020: Where we roppin boys? DawgCTF 2020: Where we roppin boys? (350 points) * Challenge author: trashcanna Challenge files can be found here. Overview The rop program we are presented with is quite simple. main runs the welcome function, then the tryme function. The welcome function mmaps
Newsletter
Vasilisk is a V8 JIT fuzzer that focuses on optimization passes. Background Fuzzing consists of randomized input generation to automate the process of finding crashes in programs. The probability of finding a crash increases as code coverage in the application increases. In a well formed fuzzing campaign, test cases are
Newsletter
This post is on how the Ghidra decompiler works, and how to make it work for Go. Part 1 At the time of writing, the most recent major version of Go is Go 1.13 golang.org The most recent major version of Ghidra is Ghidra 9.11 github.com/
Newsletter
This will be part of a multi-part post on Go binaries and reverse engineering them. Part 2 At the time of writing, the most recent major version of Go is Go 1.13 Why Go? Go has been part of a new wave of malware for a variety of reasons.
Newsletter
To learn how tools like IDA work under the hood, and learn more about binary analysis, I made OBIN for Osiris Binary analysis tool which does the following: * Parsing the elf file and show the information in the header * Disassembling the sections which include program code (there is also an
Newsletter
The OSIRIS Lab is very happy to welcome two new Hackers in Residence this fall! Nick Gregory, whose contributions as a lab member the past several years have been invaluable, and Alexei Bulazel, whose lectures have been incredibly insightful and forced us to learn. We look forward to working with
Newsletter
Our economy is becoming more specialized and more and more tasks are being automated. We must have confidence in these systems and the technical infrastructure that supports them. However, this confidence relies on too much implicit trust – overlooking serious risks. Assurance in this area is hard won, manual, and costly.
Newsletter
Please check the first part of this series on Android 101, if you want to check the necessary tools and how to prepare for the app assessment. Lesson6Activity (Encryption vs Encraption) As the title suggests, this lesson is about encryption. Specifically, it concentrates difficulties with key management and why relying