John McIntosh - ghidriff

Presented on Friday 15th September 2023 at 44CON 2023

This talk presents ghidriff, a new open-source Python package that provides command-line binary diffing built on Ghidra, with a fresh take on the standard patch diffing workflow. As most security blog posts on patch analysis show, binary diffing tools are essential for reverse engineering, vulnerability research, and malware analysis: they identify the functions added, deleted, and modified between two binaries. Matching functions across binaries is a hard and asymmetric problem, because function relationships are complex and a single change to the source can cascade into many changes in the compiled binary (renamed or reordered functions, shifted addresses, altered call graphs). ghidriff addresses this by shipping current function-matching heuristics while also letting the user write custom function correlation classes. Like other binary diffing solutions, the tool stands on the shoulders of giants (SRE tooling) to interpret a binary and provide a consistent, reliable approach to diffing. Unlike other tools, ghidriff offers a command-line experience that collapses the entire patch diffing workflow into a single step, significantly reducing analysis time. The results of a diff are rendered as markdown files that can be shared and hosted almost anywhere. ghidriff is the tool security researchers need to quickly understand the latest patched vulnerabilities and easily share their next vulnerability write-up with the security community.
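The abstract describes the core of any patch-diffing tool: a chain of function correlators run from cheapest and most exact to fuzziest, followed by classification of every function as unchanged, modified, added or deleted, and a markdown rendering of the result. The following is an added toy example of that pipeline written for this page; it is not ghidriff's code or API, and the `Func` class, the correlator names and the two sample "binaries" are all constructed assumptions (a real tool would pull symbols, instruction streams and call references out of Ghidra). It shows why correlator order matters (the callee-based correlator can only work once earlier correlators have resolved the callee names) and why a correlator should abstain when it has no evidence (an empty callee set would otherwise pair unrelated functions).

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Func:
    """Constructed stand-in for a disassembled function (not a Ghidra object)."""
    name: str
    addr: int
    mnemonics: list                      # instruction mnemonics in address order
    callees: frozenset = field(default_factory=frozenset)  # names of called functions

    def mnemonic_hash(self) -> str:
        # Opcode sequence only: shifted addresses and re-allocated registers from a
        # rebuild do not change it, so a renamed-but-untouched function still matches.
        return hashlib.sha1(" ".join(self.mnemonics).encode()).hexdigest()


# Each correlator receives the still-unmatched functions of both binaries plus the
# matches found so far, and returns {old_name: new_name} for what it can pair up.
# These are hypothetical correlators written for this example, not ghidriff's.

def correlate_by_symbol(old, new, matched):
    """Exact symbol name: cheap and reliable when the binary is not stripped."""
    return {n: n for n in old if n in new}


def correlate_by_mnemonic_hash(old, new, matched):
    """Identical instruction stream under a different (or missing) name."""
    def index(funcs):
        idx = {}
        for f in funcs.values():
            idx.setdefault(f.mnemonic_hash(), []).append(f.name)
        return idx
    old_idx, new_idx = index(old), index(new)
    # Only accept hashes unique on BOTH sides; duplicated code (thunks, boilerplate
    # prologues) would otherwise produce arbitrary pairings.
    return {o[0]: new_idx[h][0] for h, o in old_idx.items()
            if len(o) == 1 and len(new_idx.get(h, [])) == 1}


def correlate_by_callees(old, new, matched):
    """Structural fallback: same set of callees once callee names are translated
    through matches already established by earlier correlators."""
    new_idx = {}
    for f in new.values():
        if f.callees:                    # an empty callee set is no evidence at all
            new_idx.setdefault(f.callees, []).append(f.name)
    matches = {}
    for f in old.values():
        if not f.callees or not f.callees.issubset(matched):
            continue                     # nothing to compare, or callees still unresolved
        translated = frozenset(matched[c] for c in f.callees)
        cands = new_idx.get(translated, [])
        if len(cands) == 1:
            matches[f.name] = cands[0]
    return matches


CORRELATORS = (correlate_by_symbol, correlate_by_mnemonic_hash, correlate_by_callees)


def diff_functions(old, new, correlators=CORRELATORS):
    """Run the correlator chain, then classify every function of both binaries."""
    matched, pending_old, pending_new = {}, dict(old), dict(new)
    for corr in correlators:             # cheap/exact first, fuzzy/structural last
        for o, n in corr(pending_old, pending_new, matched).items():
            if o in pending_old and n in pending_new:
                matched[o] = n
                del pending_old[o]
                del pending_new[n]
    report = {"matched": matched, "unchanged": [], "modified": [],
              "deleted": sorted(pending_old), "added": sorted(pending_new)}
    for o, n in matched.items():
        kind = "unchanged" if old[o].mnemonics == new[n].mnemonics else "modified"
        report[kind].append((o, n))
    return report


def render_markdown(report) -> str:
    """Shareable markdown summary, in the spirit of a diff tool's markdown output."""
    rows = ["| Old | New | Status |", "|---|---|---|"]
    rows += [f"| {o} | {n} | modified |" for o, n in report["modified"]]
    rows += [f"| {o} | {n} | unchanged |" for o, n in report["unchanged"]]
    rows += [f"| | {n} | added |" for n in report["added"]]
    rows += [f"| {o} | | deleted |" for o in report["deleted"]]
    return "\n".join(rows)


# Constructed sample: OLD is the vulnerable build, NEW the patched build where the fix
# also renamed two functions (a typical cascade from a single source change).
OLD = {f.name: f for f in [
    Func("parse_header", 0x1000, ["push", "mov", "cmp", "jl", "mov", "ret"]),
    Func("check_len", 0x1100, ["push", "mov", "cmp", "jg", "ret"]),
    Func("handle_packet", 0x1200, ["push", "call", "call", "mov", "ret"],
         frozenset({"parse_header", "check_len"})),
    Func("old_helper", 0x1300, ["push", "xor", "ret"]),
]}
NEW = {f.name: f for f in [
    Func("parse_header", 0x1000, ["push", "mov", "cmp", "jl", "mov", "ret"]),
    Func("validate_len", 0x1100, ["push", "mov", "cmp", "jg", "ret"]),   # renamed only
    Func("process_packet", 0x1200, ["push", "call", "cmp", "ja", "call", "mov", "ret"],
         frozenset({"parse_header", "validate_len"})),                 # renamed + new check
    Func("log_error", 0x1400, ["push", "call", "ret"]),
]}

if __name__ == "__main__":
    print(render_markdown(diff_functions(OLD, NEW)))
```

Running it pairs `check_len` with `validate_len` by instruction hash, then `handle_packet` with `process_packet` by callee structure (the added compare and branch show up as "modified", which is exactly the function a researcher would open first), and leaves `old_helper` as deleted and `log_error` as added rather than pairing them on their shared empty callee set. Swapping the order of the last two correlators, or dropping the empty-set guard, produces wrong pairings, which is why a tool like ghidriff lets the user plug in and order custom correlation classes.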

John McIntosh:
A security researcher in Canada who is passionate about learning and sharing knowledge on various aspects of information security. He has a keen interest in binary analysis, patch diffing, and vulnerability discovery. He is the creator of several open-source security and InfoSec tools and also blogs regularly about his research projects and experiments with Ghidra and Jupyter Notebooks. He has presented his previous work at events such as InfoSec Jupyterthon 2022 and REcon 2023. You can follow him on Twitter (@clearbluejar) or visit his website at https://clearbluejar.github.io/