Microsoft released its own free and open source security tool at the recent CanSecWest. It is called !exploitable (officially pronounced "bang exploitable") and is released as a plug-in for the Windows debugger (WinDbg), where it helps analyze vulnerabilities in PE programs. The program uses two sets of characteristic values, which Microsoft calls the primary hash and the secondary hash, to classify crash information, so that crashes caused by the same defect fall into one category. On that basis it defines the exploitability of software defects. To demonstrate the practicality of !exploitable, internal testing by the Microsoft Security Science Group used four different fuzzers to test the same recently obtained software. !exploitable identified 15 security issues from 57 different crashes caused by fuzz testing, of which only 1 was classified as exploitable.
Shirk, director of Microsoft's fuzzing technology program, said the program can help researchers define exploitability and tell us how to discuss these issues, so that we can all be sure that we are discussing the same problem.
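The two-level grouping described above can be sketched as follows. This is an added example, not Microsoft's code or the plug-in's actual algorithm: the hash inputs (function names of the top frames for the primary hash, every frame with its offset for the secondary hash), the frame count and the sample crashes are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

TOP_FRAMES = 5  # assumption: number of innermost frames fed to the primary hash


def _digest(parts):
    """Short stable digest over an ordered sequence of frame strings."""
    return hashlib.sha256("\n".join(parts).encode()).hexdigest()[:8]


def crash_hashes(frames):
    """frames: list of (module, function, offset), innermost frame first.

    Primary hash: coarse, ignores offsets, so one defect reached with
    slightly different inputs still lands in the same bucket.
    Secondary hash: fine, covers the whole stack including offsets.
    """
    primary = _digest(f"{m}!{fn}" for m, fn, _ in frames[:TOP_FRAMES])
    secondary = _digest(f"{m}!{fn}+{off:#x}" for m, fn, off in frames)
    return primary, secondary


def bucket(crashes):
    """Group crash ids as {primary: {secondary: [crash ids]}}."""
    buckets = defaultdict(lambda: defaultdict(list))
    for crash_id, frames in crashes.items():
        primary, secondary = crash_hashes(frames)
        buckets[primary][secondary].append(crash_id)
    return {p: dict(s) for p, s in buckets.items()}


# Constructed sample: four crashes from four fuzzers against one target.
_TAIL = [("app", "read_file", 0x88), ("app", "main", 0x40)]
SAMPLE = {
    "fuzzer_a_001": [("app", "parse_chunk", 0x1C)] + _TAIL,
    "fuzzer_b_017": [("app", "parse_chunk", 0x2E)] + _TAIL,  # same defect, other offset
    "fuzzer_c_004": [("app", "parse_chunk", 0x1C)] + _TAIL,  # exact duplicate of a_001
    "fuzzer_d_009": [("app", "decode_header", 0x10)] + _TAIL,  # different defect
}

if __name__ == "__main__":
    for primary, variants in bucket(SAMPLE).items():
        print(primary, {s: sorted(ids) for s, ids in variants.items()})
```

Counting the primary buckets gives the number of distinct issues to triage, which is how a set of raw fuzzer crashes shrinks to a much shorter list.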