DarunGrim

Introduction

DarunGrim is a binary diffing tool. DarunGrim is a free diffing tool which provides binary diffing functionality.
Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches you can dig into the details of the vulnerabilities it's fixing. You can use that information to learn what causes software break. Also that information can help you write some protection codes for those specific vulnerabilities. It's also used to write 1-day exploits by malware writers or security researchers.

This binary diffing technique is especially useful for Microsoft binaries. Not like other vendors they are releasing patch regularly and the patched vulnerabilities are relatively concentrated in small areas in the code. That makes the patched part more visible and apparent to the patch analyzers. There is a "eEye Binary Diffing Suites" released back in 2006 and it's widely used by security researchers to identify vulnerabilities. Even though it's free and opensource, it's powerful enough to be used for that vulnerabilities hunting purpose.

DarunGrim2 is a C++ port of original python codes. DarunGrim2 is way faster than original DarunGrim. And DarunGrim3 is an advanced version of DarunGrim2 which provides nice file management UI.

 
 
 
1-day Exploits Project Using DarunGrim: http://exploitshop.wordpress.com/
 
 
 
Jeong Wook (Matt) Oh's Other Researches:
 
AVM Inception (Video): This talk is about bytecode instrumentation for vulnerability and malware analysis. This talk was presented at BayThreat 2011 and Shmoocon 2012.
AMF Parser for Fiddler2: This is a visualization module that can parse and show tree view of AMF data structure
AMF Test Plugin for Fiddler2: This is a plugin for blackbox testing AMF2 protocol
Vulnerability analysis, practical data flow analysis and visualization: At CanSecWest 2012, I talked about method of using dynamic binary instrumentation for vulnerability research. (Full PPT)
 
 
Comments