There is a strong incentive for software developers to attack their own software for the purpose of hardening security. The general philosophy is that it is better to proactively find security flaws yourself, before someone else does and uses them maliciously against your clients. Security audits can be performed by specialized teams within a company or by third-party consultants, but they almost always require the precision of a tool like IDA.
Approach
It is possible to use IDA more offensively to detect exploitable vulnerabilities in mission-critical software. Usually this involves identifying the logic that is responsible for processing user input, then aggressively analyzing it for logical errors. Such errors are often easier to spot when decompiling the software from the raw machine code, because the decompiled output is free of any bias or assumptions made by a lazy programmer when writing the original source code. Security auditors know what kinds of bugs to look for, and these bugs can be extremely harmful.
Lexfo used IDA to discover a bug in an IBM Banking Server. The bug could be exploited to give the attacker remote access to a machine responsible for managing electronic bank transactions:
Chris Valasek and Charlie Miller used IDA to reverse engineer the firmware in a self-driving Jeep and found vulnerabilities that allowed them to take control of the car remotely: