Our world is driven by interconnected software. While this connectivity provides functionality and convenience, it is not without risks: vulnerabilities are still rampant in modern software, and the exploitation of these vulnerabilities turns our connectivity into a liability. With the recent proliferation of "smart" devices, more vulnerable software than ever is connected to the internet and exposed to attackers.
We must find and fix these vulnerabilities before they can be exploited. In this talk, I will describe my research into an analysis pipeline that is flexible and extensible enough to target the identification of different types of vulnerabilities in binary code. I will discuss angr, the analysis framework powering this pipeline, and detail how angr can be applied to a diverse range of security tasks, such as the analysis of firmware to identify the presence of vulnerabilities. I will show the culmination of these techniques in the form of the Mechanical Phish, one of the world's first fully autonomous hacking systems, which won third place in the DARPA Cyber Grand Challenge by autonomously finding, exploiting, and patching vulnerabilities in a live competition, at a scale that could not be achieved by human hackers.
Of course, the software and firmware security problem is not solved. I will conclude with the holes left open by current work and will discuss the ways in which these holes can be covered by re-introducing human intelligence into the automated security pipeline.