Static code review is an effective way to discover vulnerability variants and exploitation primitives, but two of the most challenging tasks for static analysis are the effective code pattern extraction from huge amounts of various bugs and the efficient code pattern searching from tons of different modules, especially for close source software like Windows. This presentation discusses our practices and experiences for these two challenges...
By: Ken Hsu , Bo Qu , Tao Yan (@Ga1ois)
Full Abstract and Presentation Materials:
www.blackhat.c...