Hackers of India

Bug hunting using symbolic virtual machines!

 Anto Joseph 



In this talk, we introduce participants to the world of symbolic execution. Its use in reverse engineering, fuzzing or vulnerability discovery is not well known in the infosec community. We try to impart the basics needed to get up and running with the KLEE symbolic virtual machine and solve some interesting challenges. Software vulnerabilities such as memory corruption, certain logical bugs and complex arithmetic used for obfuscation could be easily solved using symbolic execution. Symbolic execution is well discussed in academic papers, but it is not widely used by security researchers. Tools like angr have proved remarkable at detecting vulnerabilities.