BlackHat 2010 – ExploitSpotting [Jeongwook Oh]

ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically

A major area of concern for any software vendor is maintaining a platform that is secure and safe from vulnerabilities.  The ability to maintain software is provided by patches, which are usually relatively small software updates that apply a fix or modification of existing code. Although vendors regularly provide patches and advisories to customers, the downtime related to download, testings, installing, and cross-compatibility of patching means many systems lag far behind updates. Administrators need to know the changes made to analyze differences and possible side effects. Many vendors are making this task increasingly difficult as they mix security patches and feature updates.

At Black Hat 2010 Jeongwook Oh presents his latest attempt to reduce the workload with his tool DarunGrim. In his newest version released today at the conference, DarunGrim v3 introduces a user friendly interface, a new  “Bin Collector” and “Security Implication Score” support.  The tool provides a way for sysadmins to compare the line-by-line changes made by patches and associates the relative weight of the threat patched with a numerical score. Jeongwook’s tool boosst the speed of analysis and will reduce time spent analyzing patches and increase speed of actual deployment. The tool also introduces the ability to discover and identify trends in patches to provide preventative protection against future or undisclosed vulnerabilities before they become huge headaches for admins.

All source code and latest version of DarunGrim is available online http://www.darungrim.org