Reverse Engineering and Automating Vulnerability Discovery

Ohio Cyber Range – Seminar Series Organized by

The Department of Electrical Engineering and Computer Science, the School of Information Technology, and the Department of Political Science at UC

Reverse Engineering and Automating Vulnerability Discovery

Wednesday  November 14, 2018 / 813 Rhodes / 1.00 – 2.00pm

Aaron McCanty

Battelle Memorial Institute, Columbus, Ohio

Crypto jacking, Botnets, Ransomware and data breaches are common occurrences in today’s cyber ecosystem and will continue to explode with billions of IOT systems currently connected to the internet. All of these attacks start with a bad actor exploiting weak security or software/hardware bugs gaining control over a system. Discovering vulnerabilities in software before an attacker is vital when trying to protect personal information, secure corporate data, and guard our national security. With the limited number of trained reverse engineers and security experts, research in this field often focuses on ways to automate the vulnerability discovery process.

In this talk, Aaron McCanty will be exploring some of the techniques used by researchers to discover, exploit and patch security vulnerabilities. He will also demonstrate some of the cutting-edge research being done to help automate the Reverse Engineering and Vulnerability Discovery process. He will demonstrate the use of software and hardware fuzzers to rapidly find vulnerabilities, as well as how to utilize emulation in order to audit logic isolated from the reach of traditional fuzzers. He will also demonstrate how Hyper-Relational databases and custom language ontologies can be used to automatically find vulnerabilities in complex binaries.

Bio: Aaron McCanty is currently working as a Cyber Computer Scientist at Battelle Memorial Institute. His work is focused on Reverse Engineering and Vulnerability Research, specifically targeting embedded systems and firmware. He also works extensively in developing machine learning algorithms to detect and thwart cyber-attacks. Mr. McCanty holds a Bachelors of Science in Computer and Information Systems with minors in Astrophysics and Economics from The Ohio State University.