Saturday, June 22 • 14:30 - 14:55
Automating Windows Kernel Analysis With Symbolic Execution


Symbolic Execution is changing the art of vulnerability research. This talk will
discuss using the popular angr framework specifically as used within the context
of the Windows kernel. Due to the technology being newer, there are inherent
shortcomings in compatibility, which will be discussed with recommendations on
how to address them with detailed examples. This portion of the talk will go
over some technical details of the Windows kernel, how binaries are loaded, some
control flow routines and how they impact simulation within the angr framework.
Finally, a case study will be provided on utilizing angr for the purpose of
automating the analysis necessary to triage kernel mode drivers.

Attendees will leave the talk with an understanding of what symbolic execution
is from a high level and familiarity with the basic functionality provided by
the angr framework. Finally, attendees will see an example of applying angr to
solve a real-world problem while addressing the current limitations.

Speakers

Spencer McIntyre

Spencer McIntyre works for a US-based consulting firm doing R&D. He is an avid open source contributor and Python enthusiast.


Saturday June 22, 2019 14:30 - 14:55 EDT
Grog Shop - Patio Stage 2785 Euclid Heights Blvd, Cleveland Heights, OH 44106, USA