Archives


November 10, 2016 : SSPREW 2016

BINSEC has a paper by Josselin Feist & al. accepted at SSPREW called Finding the Needle in the Heap: Combining Static Analysis and Dynamic Symbolic Execution to Trigger Use-After-Free.

Here is the abstract:

This paper presents a fully automated technique to find and trigger Use-After-Free vulnerabilities (UAF) on binary code. The approach combines a static analyzer and a dynamic symbolic execution engine. We also introduce several original heuristics for the dynamic symbolic execution part, speeding up the exploration and making this combination effective in practice . The tool we developed is open-source, and it has successfully been applied on real world vulnerabilities. As an example, we detail a proof-of-concept exploit triggering a previously unknown vulnerability on JasPer leading to the CVE-2015-5221

November 04, 2016 : FM 2016

BINSEC will be at Formal Methods 2016 where Adel Djoudi will present the paper Recovering high-level conditions from binary programs.

The abstract is here.

The pre-print is available from here

October 20, 2016 : Blackhat Europe 2016

BINSEC will be present at Blackhat Europe 2016 with a talk by Robin David & Sébastien Bardin.

The talk is titled Code Deobfuscation: Intertwining Dynamic, Static and Symbolic Approaches.

More details here.

August 31, 2016 : Release of Beta 2

We are proud to announce the second beta release of our tool platform.

This is a bugfix release with respect to the first beta.

You can download it from here.

July 15, 2016 : ISSTA 2016

BINSEC will be present at ISSTA 2016 with a paper by Robin David & al.

The paper is titled Specification of Concretization and Symbolization Policies in Symbolic Execution. The abstract is available.

July 04, 2016 : Release of Beta 1

We are proud to announce the first release of our tool platform.

You can download it from here.

July 01, 2016 : RMLL 2016

BINSEC will be present at RMLL 2016: The Security Track with a talk by Sébastien Bardin.

The talk is titled BINSEC: Binary-level Semantic Analysis to the Rescue.

More details here. The video is available here.

July 01, 2016 : Cyber In Bretagne

BINSEC will be present at the Cyber In Bretagne Summer School 2016 with a talk by Sébastien Bardin.

The talk is titled Binary-level program analysis and its applications to security.

More details here.