Keith Makan is a security consultant with experience in delivering security assessments of code across various industries, for companies around the globe. Keith has consulted at the biggest businesses in software and internet-based technologies and remains eager to learn new ways to assess and scrutinize modern applications and environments. Keith has published two books in the information security field, namely the Android Security Cookbook and Penetration Testing with the Bash shell, and is currently pursuing his master's with a focus on the application of symbolic execution.
Angr is a Python framework for analyzing binary programs that comes jam-packed with the power of symbolic execution. Angr can automate sophisticated reasoning about programs and facilitate the creation of cutting-edge symbolic execution strategies, although some tricks and tips are required to ensure that practical application doesn't get bogged down by state explosion and other spin-offs of the halting problem. This talk is for anyone who would like an introduction to symbolic execution, wants to learn a powerful tool for automating tasks related to reverse engineering, exploit development and vulnerability discovery, and wants to get to know Angr a little better. The presenter will walk through some basic symbolic execution concepts, discuss the internals of Angr and guide listeners through how to design state exploration strategies that make practical applications and analyses written in Angr work.
- What is symbolic execution? (5 mins): Walk through a basic introduction to the concepts, why symbolic execution is cool and what kinds of problems we can solve with it.
- What is Angr? How does it work? (5-10 mins): Crash course in the components that make up Angr, how they work together, and a demonstration of a simple CTF example with the framework.
- How do I build a state exploration strategy? (10-15 mins): Walkthrough of the built-in state exploration algorithms that come with Angr, what makes them awesome, and how to build one of your own to adapt to the binaries you analyze and reverse engineer.
- Closing and other ideas (3-5 mins): Summary of the discussion and mention of other things to explore with the framework.
Total running time: ~30-35 mins

More about Angr at https://angr.io/.