REVEN DEMO - Comparing the dynamic execution on 2 systems (3/3)

Apr 23, 2020
by Mathieu
Categories: Tutorial
Tags: Demo, REVEN

This video continues the analysis of CVE-2019-1347. It demonstrates how to compare 2 executions, one on a vulnerable system and one on a non-vulnerable system, to extract valuable information about the vulnerability.

The first video demonstrated how to move quickly from a system crash to the input file responsible, and showed the WinDbg integration. The second video uses forward data flow tainting. It also shows the IDA integration, which gives both the static and the dynamic view of the application under analysis.

This demo is related to CVE-2019-1347 (“When a mouse over a file is enough to crash your system”). The full vulnerability analysis report is available here.

This video is the last of a series of 3.
