Automated analysis of crashes or malware, and integration with fuzzers
Whether you are analyzing a crash (within a fuzzing process or not) or capturing and analyzing malware activity, these tasks can now be fully automated with REVEN. The automation is also easy to plug into your tool chain or to customize.
This demo presents the entire automated workflow:
- starting a VM.
- loading and launching the desired binaries.
- starting and stopping the recording when required.
- post-processing the recording to generate the trace.
- launching analysis scripts to identify the crash and extract relevant information.
The short video of the full process:
Recording a scenario for analysis can also be done interactively: set the VM in the state you want to start from and manually trigger the start and stop of the recording. A post introducing this procedure is available here.