@berendjanwever is evaluating 2500 crashes per day on major browsers. This yields about 1 vuln per month. For a sample, check #DailyBug.
BugID tracks distance between AVs and poison values to estimate control. Works for every bug type. Encoded on "bug id hash", easy to grep. pic.twitter.com/u5370K9VC4
He's collected data on BugID FPs over the last year. Short time between UAF was a typical FP. FNs using BugID are very low.
tl;dr Uses WinDBG, Page Heap for UAF. Relies heavily on symbols. Call stack hash and bug type for id. No src req'd, easy to deploy.