Vulnerability analysis methods frequently used by security experts

Vulnerability analysis is the process of rapidly locating the flaw in the code and understanding how it is attacked, so that the potential impact and risk level of the vulnerability can be estimated accurately.

Solid exploitation skills are the foundation of vulnerability analysis. Without them, the analyst may be unable to use the bug to confirm the flaw at all, or may misjudge a high-risk vulnerability that allows remote control as a medium-severity denial-of-service bug.

In general, the person who discovers a vulnerability needs to provide security experts with code that reproduces it. This code is known as a POC (Proof of Concept).

A POC can take many forms; anything that triggers the vulnerability will do. It might be a malformed document that causes a crash, or it might be a Metasploit exploit module. The difficulty of the analysis varies with the POC: an exploit published to MSF standards is clearly much easier to analyze than a few packets in raw binary form.

After receiving the POC, the security expert needs to set up a test environment, reproduce the attack, and debug and analyze it to determine exactly which function and which lines of code are at fault, and then guide the developers in producing a patch.

Security experts frequently use the following analysis methods:

(1) Dynamic debugging: using OllyDbg and other debuggers to trace the software and work back, layer by layer, from the stack overflow to the vulnerable function.

(2) Static analysis: using IDA and other reverse-engineering tools to obtain a "global view" of the program and high-quality disassembly, in support of dynamic debugging.

(3) Instruction tracing: first run the program normally and record the complete sequence of instructions it executes; then trigger the vulnerability under attacker-controlled conditions and record the instruction sequence again; finally compare the two sequences, concentrate reverse-engineering effort on the code regions where execution differs, and dynamically debug and trace that portion to quickly locate the vulnerable function.
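The comparison step of method (3) is mechanical enough to script. The following is an added example, not code from the original article: it assumes a debugger or tracing plug-in has dumped one executed instruction per line as `address mnemonic operands`, and both traces, the address values and the image range are constructed for illustration. It reports where the attack-triggering run first leaves the path taken by the normal run, which addresses only the attacking run executed, and whether any of those lie outside the loaded image (a strong hint that control flow was hijacked).

```python
"""Locate the vulnerable code region by diffing two instruction traces.

Added example for the instruction-tracing method; the traces below are
constructed, not captured from a real program.
"""
from typing import Dict, List, Optional, Tuple

# Constructed trace of a normal run (benign input): one executed
# instruction per line, as a tracing debugger plug-in might dump it.
NORMAL_TRACE = """\
0x401000 push ebp
0x401001 mov ebp, esp
0x401003 call 0x401100
0x401100 push ebp
0x401101 mov ebp, esp
0x401103 cmp dword [ebp+8], 0x100
0x401107 ja 0x401130
0x401109 call 0x401200
0x401200 push ebp
0x401201 rep movsb
0x401203 ret
0x40110e ret
0x401008 ret
"""

# Constructed trace of the run that triggers the vulnerability. The final
# line is the faulting address the debugger records when execution leaves
# the image.
ATTACK_TRACE = """\
0x401000 push ebp
0x401001 mov ebp, esp
0x401003 call 0x401100
0x401100 push ebp
0x401101 mov ebp, esp
0x401103 cmp dword [ebp+8], 0x100
0x401107 ja 0x401130
0x401130 mov ecx, [ebp+8]
0x401133 call 0x401200
0x401200 push ebp
0x401201 rep movsb
0x401203 ret
0x41414141 ???
"""

# Assumed (constructed) load range of the module under analysis.
IMAGE_RANGE = (0x400000, 0x500000)

Entry = Tuple[int, str]


def parse_trace(text: str) -> List[Entry]:
    """Parse 'address instruction' lines into (address, instruction) tuples."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        addr_str, _, insn = line.partition(" ")
        entries.append((int(addr_str, 16), insn))
    return entries


def first_divergence(normal: List[Entry], attack: List[Entry]) -> int:
    """Index of the first position where the two traces take different paths."""
    n = min(len(normal), len(attack))
    for i in range(n):
        if normal[i][0] != attack[i][0]:
            return i
    return n


def attack_only_addresses(normal: List[Entry], attack: List[Entry]) -> List[int]:
    """Addresses executed only under attacker conditions, in first-seen order."""
    seen_normal = {addr for addr, _ in normal}
    out: List[int] = []
    for addr, _ in attack:
        if addr not in seen_normal and addr not in out:
            out.append(addr)
    return out


def analyze(normal_text: str, attack_text: str) -> Dict[str, object]:
    """Summarise where the attacking run departs from the normal run."""
    normal = parse_trace(normal_text)
    attack = parse_trace(attack_text)
    i = first_divergence(normal, attack)
    only = attack_only_addresses(normal, attack)
    lo, hi = IMAGE_RANGE
    return {
        "divergence_index": i,
        # Last instruction both runs share: the branch worth examining first.
        "last_common": normal[i - 1] if i else None,
        "attack_path_starts_at": attack[i] if i < len(attack) else None,
        "attack_only": only,
        "outside_image": [a for a in only if not lo <= a < hi],
    }


if __name__ == "__main__":
    for key, value in analyze(NORMAL_TRACE, ATTACK_TRACE).items():
        print(f"{key}: {value}")
```

The positional comparison in `first_divergence` is enough when both runs follow the same path up to a single branch, as here (the `ja` at `0x401107`). Real traces re-converge and drift in length, so `attack_only_addresses`, which ignores position, is the more robust view; the addresses it returns are the ones to set breakpoints on for the dynamic-debugging pass the article describes.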

Security experts are not the only ones who need to analyze vulnerabilities; hackers often need to as well. For example, when Microsoft releases a security patch, not every user in the world can apply it immediately, so for roughly a week after the patch is announced the vulnerability it fixes remains usable against a certain range of targets.

Once a security patch is released, it is in effect a release of the vulnerability information as well. By comparing the PE files before and after the patch, hackers can obtain the location of the vulnerability, and an experienced hacker can even write an exploit on the same day the patch ships.
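The same differential analysis is how a defender confirms what a patch actually changed, so the fix can be understood and detection written for the pre-patch behaviour. The following is an added example, not code from the article or from any vendor tool: it assumes the before and after binaries have already been disassembled into per-function listings (here two constructed dictionaries with made-up function names and addresses). It masks long immediates so that functions whose only change is a shifted absolute address, a normal side effect of a section growing, are not reported as modified, then diffs the remaining functions instruction by instruction.

```python
"""Function-level diff of a binary before and after a patch.

Added example; the listings are constructed for illustration and do not
come from any real binary.
"""
import difflib
import hashlib
import re
from typing import Dict, List

# Constructed per-function disassembly of the unpatched build.
BEFORE: Dict[str, str] = {
    "ParseHeader": """
        push ebp
        mov ebp, esp
        mov ecx, [ebp+0xc]
        lea edi, [ebp-0x100]
        rep movsb
        pop ebp
        ret""",
    "Helper": """
        mov eax, [0x405010]
        ret""",
}

# Constructed per-function disassembly of the patched build. Helper only
# differs by an absolute address that moved; ParseHeader gained a check.
AFTER: Dict[str, str] = {
    "ParseHeader": """
        push ebp
        mov ebp, esp
        mov ecx, [ebp+0xc]
        cmp ecx, 0x100
        ja 0x4011f0
        lea edi, [ebp-0x100]
        rep movsb
        pop ebp
        ret""",
    "Helper": """
        mov eax, [0x405810]
        ret""",
    "CheckLength": """
        cmp ecx, 0x100
        ret""",
}

# Immediates of five or more hex digits are treated as addresses and masked;
# shorter ones (offsets, sizes) are kept because they carry the semantics.
ADDR_RE = re.compile(r"0x[0-9a-fA-F]{5,}")


def normalize(listing: str) -> List[str]:
    """Split a listing into instructions with address-like immediates masked."""
    return [ADDR_RE.sub("ADDR", line.strip())
            for line in listing.strip().splitlines() if line.strip()]


def body_hash(listing: str) -> str:
    """Hash of the normalized instruction sequence, for fast equality checks."""
    return hashlib.sha256("\n".join(normalize(listing)).encode()).hexdigest()


def diff_functions(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, object]:
    """Report added, removed and changed functions, with the changed instructions."""
    result: Dict[str, object] = {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": {},
    }
    for name in sorted(set(before) & set(after)):
        if body_hash(before[name]) == body_hash(after[name]):
            continue
        delta = list(difflib.ndiff(normalize(before[name]), normalize(after[name])))
        result["changed"][name] = {
            "added_insns": [d[2:] for d in delta if d.startswith("+ ")],
            "removed_insns": [d[2:] for d in delta if d.startswith("- ")],
        }
    return result


if __name__ == "__main__":
    for key, value in diff_functions(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

On the constructed input the report singles out `ParseHeader` as the one pre-existing function whose logic changed and shows that the change is a new bounds check before the copy, which is exactly the information an analyst needs to characterise the original flaw. Masking is a heuristic: a patch that legitimately changes only a large constant would be hidden by it, so a second pass without masking is worthwhile when the first reports nothing.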

Given the value of such an attack, patch-based vulnerability analysis is the more important kind of differential analysis, and it is used more by attackers than by anyone else.