Wednesday, April 23, 2014

"The Brain Stealer", Heartbleeding partial keys, etc.

One thing about bugs like Heartbleed is that they give you random memory contents. And sometimes these memory contents include an entire private key, and sometimes they do not. What can you do with a partial RSA key? Well, often you can solve using an SMT solver for the rest of the key! How cool is that? 

I mention this because it is something I did not know until yesterday, when Ronald walked me through part of the Immunity Master Class, which is being taught at INFILTRATE here in Miami next month (May 19th-23rd). And it's one thing to know that this is possible, but it's a whole different thing to have code to actually do it. 

That's why I love the Master Class, because no matter how good you are there is still a lot to learn in our industry even at the most technical level, and it's often stuff you can put directly into your high level research efforts. 

I personally grew up on Unix hacking. There are dark corners of the Solaris operating system that I'll never forget, like my first girlfriend's foibles. But I didn't realize how poorly I really knew Unix until I saw how Ronald puts the entire Kernel and Userspace together in his head when writing an exploit. So I often sit in on the Master Class to learn Unix hacking from one of the few people who I know is empirically better at it.

And of course, when it comes to SMT solvers, the whole world is still learning where they can and cannot go. As part of that, Immunity did a DARPA project to work on something called ILLITHID, which finds vulnerabilities by doing symbolic execution.

And as of today, we're announcing that because we're going to be extensively using ILLITHID (click here to see it in action) in class, students will be eligible to receive a free student license (i.e. non-commercial) for ILLITHID to take home with them. This is currently the only way you can get ILLITHID, and frankly is worth the price of admission alone!

If you're interested, send an email to and sign up or ask us for more information! (A detailed description of the class and INFILTRATE itself is here.)

No comments:

Post a Comment