MemGC is not a cure-all. A few UAFs are still exploitable. He's also finding type confusion, out of bounds reads/writes. UAFs are declining.
-
-
BugID automatically performs common crash analysis steps. Goal was make more $ by reporting faster to bounty programs.
1 reply 1 retweet 3 likes -
Replying to @dguido
BugID is a wrapper around CDB on Windows. It is similar to !exploitable but with more useful output. !exploitable was never useful for him.
1 reply 0 retweets 0 likes -
Replying to @dguido
BugID reports contain lots of raw data plus a human readable summary.pic.twitter.com/eYIdJ7ej79
1 reply 0 retweets 2 likes -
Replying to @dguido
BugID detects 1st and 2nd chance exceptions. Then asks, what kind of bug causes this kind of exception?pic.twitter.com/dQ1Ihlkijg
1 reply 0 retweets 1 like -
Replying to @dguido
Needed a method to identify unique bugs. Encodes where, what, and how into a "bug id." Attempts to resolve differences in 32/64-bit builds.pic.twitter.com/IDV6LRwCmD
1 reply 2 retweets 5 likes -
Replying to @dguido
Stages of BugID development: 1. Run tests unattended 2. Don't waste time on known issues 3. Filter by type (filter non-issues) 4. Print $$$
2 replies 0 retweets 1 like -
Replying to @dguido
If symbols are available, BugID tries to look up location in Chrome/Firefox src code. Grades UAFs by estimated control of allocations. Neat!
1 reply 0 retweets 1 like -
Replying to @dguido
BugID tracks distance between AVs and poison values to estimate control. Works for every bug type. Encoded on "bug id hash", easy to grep.pic.twitter.com/u5370K9VC4
2 replies 1 retweet 2 likes -
Replying to @dguido
He's collected data on BugID FPs over the last year. Short time between UAF was a typical FP. FNs using BugID are very low.
1 reply 1 retweet 2 likes
tl;dr Uses WinDBG, Page Heap for UAF. Relies heavily on symbols. Call stack hash and bug type for id. No src req'd, easy to deploy.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.