2 posts in archive

IE crash analysis

17 Dec 2014 - REVEN - Axion REVEN Taint Reverse Engineering Use After Free

Today we will analyse a crash of Internet Explorer. Reven scenario generation According to Exodus Intelligence, a vulnerability was silently fixed in MS13-055 patch along with other things. They showed on their blog how to exploit it. We generated our REVEN scenario where we give an html file to Internet...

Data painting

03 Dec 2014 - REVEN - Axion REVEN Taint

http://www.cir.uc.edu/ In this post we’ll present Reven dynamic data tainting capabilities and see some use cases of the tool. Dynamic data tainting The so called data tainting is a well known technique used to analyse the impact of data on a program. The idea is to apply a taint to a...