by dtornabene 2244 days ago
Going to drop a top-level comment and say that while this is interesting (sincerely!), if people are interested in deeper tools/techniques, the book Practical Binary Analysis is excellent; it ends in taint checking and symbolic execution techniques and uses Pin. https://practicalbinaryanalysis.com/

Also worth checking out is BAP, the Binary Analysis Platform, which is the successor project to BitBlaze and is one of the most fascinating binary analysis frameworks out there, for my money. It was the only one of the DARPA CGC entries that ran on real binaries, not the much less complicated ones developed specifically for the challenge.

https://github.com/BinaryAnalysisPlatform/bap

1 comments

I’m unsure of what you mean: while I did not participate in CGC personally IIRC they used a custom platform that required teams to retool for. How would an entry that runs “on real binaries” be useful for this situation?
Because the test binaries they used were not really close enough to reality to test finding real vulnerabilities. And BAP can, which, if you want to learn static binary analysis, seems useful.