SlideShare ist ein Scribd-Unternehmen logo
1 von 52
Downloaden Sie, um offline zu lesen
Halvar Flake (halvar.flake@zynamics.com)
Sebastian Porst (sebastian.porst@zynamics.com)
ShaREing is Caring
ShaREing is Caring
He has a problem
Huge
Disassembled
Binary
Statically linked library he is
not aware of
If he only knew ...
EScript.api
(Adobe Reader
JavaScript Engine)
libjs (Spider Monkey)
Open-Source JavaScript library
He has a problem
Present
Guessing
strings
FLIRT signatures
Future
BinCrowd
Demo
ShaREing is Caring
ShaREing is Caring
Advantages
Disassembly vs. Source Notice vulnerable code Find other uses
Question: What else uses
this vulnerable function?
Answer: [ List of Programs ]
AcroForm.api
Vulnerable libtiff
Technical Intermezzo A:
Finding Functions
We need fast lookup!
Compilers screw with us …
For now we have three ways ...
So how does one store functions?
Random register assignment
Reordering instructions
Switching mnemonics
Small Prime Product
• Positive 64-bit integer number
• Characteristic for a function
• Small prime for each mnemonic
• Multiply
• Two functions are considered equal if they
have the same list of mnemonics
– Order of mnemonics is ignored
• Match quality: High
MD-Index
• Structural lookup in a database would be great
• Erm … but a graph is not a number
• We want a hash function for graphs!
MD-Index
80-Bit Hash Value
Result: Fast DB lookup for
particular functions
MD-Index
• Take every edge in the graph
• For every edge, construct 5-tuple:
– # of incoming edges in the source
– # of outgoing edges in the source
– # of incoming edges in the target
– # of outgoing edges in the target
– Topological order of the edge in the graph
• So a graph gives us a set of vectors
MD-Index
• A set of vectors is not exactly a number
• Embed each vector into the reals:
– Map to
– It’s a 5-dimensional vector space over Q
– Each element is also “just” a number
• Use
• Now mix all the results:
MD-Index
80-Bit Hash Value
Result: Fast DB lookup for
particular functions
MD-Index with calls
• Just the flowgraph is too false-positive prone
• Encode the call positions, too
• Result: Hash function for flowgraph with calls
at particular locations
3-tiered lookup
• Does the prime product match?
– If yes, high confidence in correct match
• Does the MD-Index with calls match?
– If yes, medium confidence in correct match
• Does the MD-Index without calls match?
– If yes, low confidence in correct match
Problems
• Comparison process is not very robust to
changes in flow graphs
– BinDiff can do a lot more
– For most uses sufficient
• Comparison does not work for tiny functions
– Where tiny means less than 8 edges
– Context is not considered
ShaREing is Caring
ShaREing is Caring
She has a problem
Dozens of
previously
analyzed rootkits
New suspicious file
If she only knew
She came across
that malware
author two years
ago
He reused his rootkit hiding
code and she documented it
back then
Demo
ShaREing is Caring
ShaREing is Caring
ShaREing is Caring
Advantages
Remember the past Import earlier results Simplify the future
Technical Intermezzo B:
Calculating scores for files
How to find similar files?
Remember fuzzyness
Here is what we do ...
So we have this database, but ...
One file typically contains
several different statically linked
and dynamically imported
libraries
Calculating a file score
• Calculate a score that depends on the number
of matches weighted by their quality
• The higher the score, the more significant
functions are shared by two files
Problems
• We are still working on score calculation
• Desired score depends on goal
– Comment porting, library identification, ...
ShaREing is Caring
ShaREing is Caring
They have a problem
Complex team
with different
sub-teams
Information flow restricted
by clearance levels
If they only knew ...
BinCrowd manages
different access
levels in a
centralized way
No data transfer from high clearance
people to low clearance people
They have another problem
Different
members use
different tools
Making new information
available to other members
is difficult
If they only knew ...
BinCrowd makes it
easy to exchange
information
between different
tools
Individual members can use
whatever tools they want
No Demo
(BinNavi Plugin is not yet ready)
Advantages
Central database of
knowledge
Controlled transfer of
information
Synchronize information
from different tools
Technical Intermezzo C:
Use BinCrowd
How do you actually access it?
We host a free community server
Here is what you need ...
So we have this database, but ...
We have a prepopulated database
where you can download and
upload information.
Software you need
• IDA Pro 5.6
• IDAPython 1.3.2
• A BinCrowd account (free)
• The BinCrowd IDA Pro Plugin
– http://github.com/zynamics
Usage
• Register BinCrowd account
• Download the BinCrowd IDA Plugin
• Load BinCrowd IDA Plugin using ALT-9 in IDA
• Read the readme.txt file to find out what
CTRL-1, CTRL-2, CTRL-3, and CTRL-4 do
New IDB
Download
prior results
Analyze IDB
Upload new
Results Workflow
Best practices
• Name your input files like
program.version.compiler.optimization_level.x
xx
A fair warning
• Passwords are transmitted in plain-text
• Database will be reset randomly during beta
– All data will be lost, accounts will be kept
• Cross-site request forgeries are a dime a dozen
Credits and Thanks
• Nathan Fain
– For getting the first version of BinCrowd off the
ground
Credits and Thanks
• Christian Ketterer
– For designing the web interface
• American Greetings
– Thanks in advance for not suing us over our liberal
use of care bears when you guys find this
presentation
BinCrowd can be used for free!
Give it a try at
http://bincrowd.zynamics.com

Weitere ähnliche Inhalte

Was ist angesagt?

Python programming introduction
Python programming introductionPython programming introduction
Python programming introductionSiddique Ibrahim
 
Static analysis for perl
Static analysis for perlStatic analysis for perl
Static analysis for perlmoznion
 
Presentation of Python, Django, DockerStack
Presentation of Python, Django, DockerStackPresentation of Python, Django, DockerStack
Presentation of Python, Django, DockerStackDavid Sanchez
 
The why and how of moving to php 8
The why and how of moving to php 8The why and how of moving to php 8
The why and how of moving to php 8Wim Godden
 
The why and how of moving to php 7
The why and how of moving to php 7The why and how of moving to php 7
The why and how of moving to php 7Wim Godden
 
Memory Management In Python The Basics
Memory Management In Python The BasicsMemory Management In Python The Basics
Memory Management In Python The BasicsNina Zakharenko
 
Object Oriented Apologetics
Object Oriented ApologeticsObject Oriented Apologetics
Object Oriented ApologeticsVance Lucas
 
Python Compiler Internals Presentation Slides
Python Compiler Internals Presentation SlidesPython Compiler Internals Presentation Slides
Python Compiler Internals Presentation SlidesTom Lee
 
Python Programming - I. Introduction
Python Programming - I. IntroductionPython Programming - I. Introduction
Python Programming - I. IntroductionRanel Padon
 
Net serialization
Net serializationNet serialization
Net serializationGreg Sohl
 
Advanced Python Tutorial | Learn Advanced Python Concepts | Python Programmin...
Advanced Python Tutorial | Learn Advanced Python Concepts | Python Programmin...Advanced Python Tutorial | Learn Advanced Python Concepts | Python Programmin...
Advanced Python Tutorial | Learn Advanced Python Concepts | Python Programmin...Edureka!
 
Assignment1 B 0
Assignment1 B 0Assignment1 B 0
Assignment1 B 0Mahmoud
 
FlawDetector - Rubykaigi2013 LT
FlawDetector - Rubykaigi2013 LT FlawDetector - Rubykaigi2013 LT
FlawDetector - Rubykaigi2013 LT ginriki
 
Python Seminar PPT
Python Seminar PPTPython Seminar PPT
Python Seminar PPTShivam Gupta
 

Was ist angesagt? (20)

Python programming introduction
Python programming introductionPython programming introduction
Python programming introduction
 
Programming
ProgrammingProgramming
Programming
 
Static analysis for perl
Static analysis for perlStatic analysis for perl
Static analysis for perl
 
Python
PythonPython
Python
 
Presentation of Python, Django, DockerStack
Presentation of Python, Django, DockerStackPresentation of Python, Django, DockerStack
Presentation of Python, Django, DockerStack
 
Python ppt
Python pptPython ppt
Python ppt
 
The why and how of moving to php 8
The why and how of moving to php 8The why and how of moving to php 8
The why and how of moving to php 8
 
The why and how of moving to php 7
The why and how of moving to php 7The why and how of moving to php 7
The why and how of moving to php 7
 
Memory Management In Python The Basics
Memory Management In Python The BasicsMemory Management In Python The Basics
Memory Management In Python The Basics
 
Object Oriented Apologetics
Object Oriented ApologeticsObject Oriented Apologetics
Object Oriented Apologetics
 
Python Compiler Internals Presentation Slides
Python Compiler Internals Presentation SlidesPython Compiler Internals Presentation Slides
Python Compiler Internals Presentation Slides
 
Python Programming - I. Introduction
Python Programming - I. IntroductionPython Programming - I. Introduction
Python Programming - I. Introduction
 
Python final ppt
Python final pptPython final ppt
Python final ppt
 
Net serialization
Net serializationNet serialization
Net serialization
 
Python Tutorial Part 2
Python Tutorial Part 2Python Tutorial Part 2
Python Tutorial Part 2
 
Python by Rj
Python by RjPython by Rj
Python by Rj
 
Advanced Python Tutorial | Learn Advanced Python Concepts | Python Programmin...
Advanced Python Tutorial | Learn Advanced Python Concepts | Python Programmin...Advanced Python Tutorial | Learn Advanced Python Concepts | Python Programmin...
Advanced Python Tutorial | Learn Advanced Python Concepts | Python Programmin...
 
Assignment1 B 0
Assignment1 B 0Assignment1 B 0
Assignment1 B 0
 
FlawDetector - Rubykaigi2013 LT
FlawDetector - Rubykaigi2013 LT FlawDetector - Rubykaigi2013 LT
FlawDetector - Rubykaigi2013 LT
 
Python Seminar PPT
Python Seminar PPTPython Seminar PPT
Python Seminar PPT
 

Andere mochten auch

Architectural Diversity (German)
Architectural Diversity (German)Architectural Diversity (German)
Architectural Diversity (German)zynamics GmbH
 
Uni mannheim debuggers
Uni mannheim debuggersUni mannheim debuggers
Uni mannheim debuggerszynamics GmbH
 
0-knowledge fuzzing white paper
0-knowledge fuzzing white paper0-knowledge fuzzing white paper
0-knowledge fuzzing white paperVincenzo Iozzo
 
How to really obfuscate your pdf malware
How to really obfuscate   your pdf malwareHow to really obfuscate   your pdf malware
How to really obfuscate your pdf malwarezynamics GmbH
 
44CON 2014 - Binary Protocol Analysis with CANAPE, James Forshaw
44CON 2014 - Binary Protocol Analysis with CANAPE, James Forshaw44CON 2014 - Binary Protocol Analysis with CANAPE, James Forshaw
44CON 2014 - Binary Protocol Analysis with CANAPE, James Forshaw44CON
 
Honesty is a best policy
Honesty is a best policyHonesty is a best policy
Honesty is a best policygouravranjan27
 
Formale Methoden im Reverse Engineering
Formale Methoden im Reverse EngineeringFormale Methoden im Reverse Engineering
Formale Methoden im Reverse Engineeringzynamics GmbH
 

Andere mochten auch (13)

Architectural Diversity (German)
Architectural Diversity (German)Architectural Diversity (German)
Architectural Diversity (German)
 
0-knowledge fuzzing
0-knowledge fuzzing0-knowledge fuzzing
0-knowledge fuzzing
 
Uni mannheim debuggers
Uni mannheim debuggersUni mannheim debuggers
Uni mannheim debuggers
 
0-knowledge fuzzing white paper
0-knowledge fuzzing white paper0-knowledge fuzzing white paper
0-knowledge fuzzing white paper
 
How to really obfuscate your pdf malware
How to really obfuscate   your pdf malwareHow to really obfuscate   your pdf malware
How to really obfuscate your pdf malware
 
44CON 2014 - Binary Protocol Analysis with CANAPE, James Forshaw
44CON 2014 - Binary Protocol Analysis with CANAPE, James Forshaw44CON 2014 - Binary Protocol Analysis with CANAPE, James Forshaw
44CON 2014 - Binary Protocol Analysis with CANAPE, James Forshaw
 
Senses of engineering ethics1
Senses of engineering ethics1Senses of engineering ethics1
Senses of engineering ethics1
 
Honesty is still in style
Honesty is still in styleHonesty is still in style
Honesty is still in style
 
Honesty is a best policy
Honesty is a best policyHonesty is a best policy
Honesty is a best policy
 
Honesty and integrity
Honesty and integrityHonesty and integrity
Honesty and integrity
 
Honesty
HonestyHonesty
Honesty
 
Formale Methoden im Reverse Engineering
Formale Methoden im Reverse EngineeringFormale Methoden im Reverse Engineering
Formale Methoden im Reverse Engineering
 
7 habits ppt.
7 habits ppt.7 habits ppt.
7 habits ppt.
 

Ähnlich wie ShaREing is Caring

ShaREing Is Caring
ShaREing Is CaringShaREing Is Caring
ShaREing Is Caringsporst
 
Data Applications and Infrastructure at LinkedIn__HadoopSummit2010
Data Applications and Infrastructure at LinkedIn__HadoopSummit2010Data Applications and Infrastructure at LinkedIn__HadoopSummit2010
Data Applications and Infrastructure at LinkedIn__HadoopSummit2010Yahoo Developer Network
 
The Final Frontier
The Final FrontierThe Final Frontier
The Final FrontierjClarity
 
Storing eBay's Media Metadata on MongoDB, by Yuri Finkelstein, Architect, eBay
Storing eBay's Media Metadata on MongoDB, by Yuri Finkelstein, Architect, eBayStoring eBay's Media Metadata on MongoDB, by Yuri Finkelstein, Architect, eBay
Storing eBay's Media Metadata on MongoDB, by Yuri Finkelstein, Architect, eBayMongoDB
 
MongoDB San Francisco 2013: Storing eBay's Media Metadata on MongoDB present...
MongoDB San Francisco 2013: Storing eBay's Media Metadata on MongoDB  present...MongoDB San Francisco 2013: Storing eBay's Media Metadata on MongoDB  present...
MongoDB San Francisco 2013: Storing eBay's Media Metadata on MongoDB present...MongoDB
 
Java EE 7 with Apache Spark for the World’s Largest Credit Card Core Systems ...
Java EE 7 with Apache Spark for the World’s Largest Credit Card Core Systems ...Java EE 7 with Apache Spark for the World’s Largest Credit Card Core Systems ...
Java EE 7 with Apache Spark for the World’s Largest Credit Card Core Systems ...Hirofumi Iwasaki
 
Way #5 Don’t end up in a ditch because you weren’t aware of roadblocks in you...
Way #5 Don’t end up in a ditch because you weren’t aware of roadblocks in you...Way #5 Don’t end up in a ditch because you weren’t aware of roadblocks in you...
Way #5 Don’t end up in a ditch because you weren’t aware of roadblocks in you...panagenda
 
Software Analytics: Data Analytics for Software Engineering
Software Analytics: Data Analytics for Software EngineeringSoftware Analytics: Data Analytics for Software Engineering
Software Analytics: Data Analytics for Software EngineeringTao Xie
 
Hard Coding as a design approach
Hard Coding as a design approachHard Coding as a design approach
Hard Coding as a design approachOren Eini
 
Architecture by Accident
Architecture by AccidentArchitecture by Accident
Architecture by AccidentGleicon Moraes
 
The Future of Computing is Distributed
The Future of Computing is DistributedThe Future of Computing is Distributed
The Future of Computing is DistributedAlluxio, Inc.
 
Strata sf - Amundsen presentation
Strata sf - Amundsen presentationStrata sf - Amundsen presentation
Strata sf - Amundsen presentationTao Feng
 
Software Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and SecuritySoftware Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and SecurityTao Xie
 
Redis and Bloom Filters - Atlanta Java Users Group 9/2014
Redis and Bloom Filters - Atlanta Java Users Group 9/2014Redis and Bloom Filters - Atlanta Java Users Group 9/2014
Redis and Bloom Filters - Atlanta Java Users Group 9/2014Christopher Curtin
 
MySQL And Search At Craigslist
MySQL And Search At CraigslistMySQL And Search At Craigslist
MySQL And Search At CraigslistJeremy Zawodny
 
Data council sf amundsen presentation
Data council sf    amundsen presentationData council sf    amundsen presentation
Data council sf amundsen presentationTao Feng
 
Building and deploying LLM applications with Apache Airflow
Building and deploying LLM applications with Apache AirflowBuilding and deploying LLM applications with Apache Airflow
Building and deploying LLM applications with Apache AirflowKaxil Naik
 

Ähnlich wie ShaREing is Caring (20)

ShaREing Is Caring
ShaREing Is CaringShaREing Is Caring
ShaREing Is Caring
 
Data Applications and Infrastructure at LinkedIn__HadoopSummit2010
Data Applications and Infrastructure at LinkedIn__HadoopSummit2010Data Applications and Infrastructure at LinkedIn__HadoopSummit2010
Data Applications and Infrastructure at LinkedIn__HadoopSummit2010
 
The Final Frontier
The Final FrontierThe Final Frontier
The Final Frontier
 
Storing eBay's Media Metadata on MongoDB, by Yuri Finkelstein, Architect, eBay
Storing eBay's Media Metadata on MongoDB, by Yuri Finkelstein, Architect, eBayStoring eBay's Media Metadata on MongoDB, by Yuri Finkelstein, Architect, eBay
Storing eBay's Media Metadata on MongoDB, by Yuri Finkelstein, Architect, eBay
 
MongoDB San Francisco 2013: Storing eBay's Media Metadata on MongoDB present...
MongoDB San Francisco 2013: Storing eBay's Media Metadata on MongoDB  present...MongoDB San Francisco 2013: Storing eBay's Media Metadata on MongoDB  present...
MongoDB San Francisco 2013: Storing eBay's Media Metadata on MongoDB present...
 
Performance Tuning with XHProf
Performance Tuning with XHProfPerformance Tuning with XHProf
Performance Tuning with XHProf
 
Java EE 7 with Apache Spark for the World’s Largest Credit Card Core Systems ...
Java EE 7 with Apache Spark for the World’s Largest Credit Card Core Systems ...Java EE 7 with Apache Spark for the World’s Largest Credit Card Core Systems ...
Java EE 7 with Apache Spark for the World’s Largest Credit Card Core Systems ...
 
Way #5 Don’t end up in a ditch because you weren’t aware of roadblocks in you...
Way #5 Don’t end up in a ditch because you weren’t aware of roadblocks in you...Way #5 Don’t end up in a ditch because you weren’t aware of roadblocks in you...
Way #5 Don’t end up in a ditch because you weren’t aware of roadblocks in you...
 
Software Analytics: Data Analytics for Software Engineering
Software Analytics: Data Analytics for Software EngineeringSoftware Analytics: Data Analytics for Software Engineering
Software Analytics: Data Analytics for Software Engineering
 
Hard Coding as a design approach
Hard Coding as a design approachHard Coding as a design approach
Hard Coding as a design approach
 
Architecture by Accident
Architecture by AccidentArchitecture by Accident
Architecture by Accident
 
The Future of Computing is Distributed
The Future of Computing is DistributedThe Future of Computing is Distributed
The Future of Computing is Distributed
 
Strata sf - Amundsen presentation
Strata sf - Amundsen presentationStrata sf - Amundsen presentation
Strata sf - Amundsen presentation
 
Software Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and SecuritySoftware Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and Security
 
Redis and Bloom Filters - Atlanta Java Users Group 9/2014
Redis and Bloom Filters - Atlanta Java Users Group 9/2014Redis and Bloom Filters - Atlanta Java Users Group 9/2014
Redis and Bloom Filters - Atlanta Java Users Group 9/2014
 
MySQL And Search At Craigslist
MySQL And Search At CraigslistMySQL And Search At Craigslist
MySQL And Search At Craigslist
 
Effective Java
Effective JavaEffective Java
Effective Java
 
Data council sf amundsen presentation
Data council sf    amundsen presentationData council sf    amundsen presentation
Data council sf amundsen presentation
 
My life as a cyborg
My life as a cyborg My life as a cyborg
My life as a cyborg
 
Building and deploying LLM applications with Apache Airflow
Building and deploying LLM applications with Apache AirflowBuilding and deploying LLM applications with Apache Airflow
Building and deploying LLM applications with Apache Airflow
 

ShaREing is Caring

  • 1. Halvar Flake (halvar.flake@zynamics.com) Sebastian Porst (sebastian.porst@zynamics.com)
  • 4. He has a problem Huge Disassembled Binary Statically linked library he is not aware of
  • 5. If he only knew ... EScript.api (Adobe Reader JavaScript Engine) libjs (Spider Monkey) Open-Source JavaScript library
  • 6. He has a problem Present Guessing strings FLIRT signatures Future BinCrowd
  • 10. Advantages Disassembly vs. Source Notice vulnerable code Find other uses Question: What else uses this vulnerable function? Answer: [ List of Programs ] AcroForm.api Vulnerable libtiff
  • 12. We need fast lookup! Compilers screw with us … For now we have three ways ... So how does one store functions? Random register assignment Reordering instructions Switching mnemonics
  • 13. Small Prime Product • Positive 64-bit integer number • Characteristic for a function • Small prime for each mnemonic • Multiply • Two functions are considered equal if they have the same list of mnemonics – Order of mnemonics is ignored • Match quality: High
  • 14. MD-Index • Structural lookup in a database would be great • Erm … but a graph is not a number • We want a hash function for graphs!
  • 15. MD-Index 80-Bit Hash Value Result: Fast DB lookup for particular functions
  • 16. MD-Index • Take every edge in the graph • For every edge, construct 5-tuple: – # of incoming edges in the source – # of outgoing edges in the source – # of incoming edges in the target – # of outgoing edges in the target – Topological order of the edge in the graph • So a graph gives us a set of vectors
  • 17. MD-Index • A set of vectors is not exactly a number • Embed each vector into the reals: – Map to – It’s a 5-dimensional vector space over Q – Each element is also “just” a number • Use • Now mix all the results:
  • 18. MD-Index 80-Bit Hash Value Result: Fast DB lookup for particular functions
  • 19. MD-Index with calls • Just the flowgraph is too false-positive prone • Encode the call positions, too • Result: Hash function for flowgraph with calls at particular locations
  • 20. 3-tiered lookup • Does the prime product match? – If yes, high confidence in correct match • Does the MD-Index with calls match? – If yes, medium confidence in correct match • Does the MD-Index without calls match? – If yes, low confidence in correct match
  • 21. Problems • Comparison process is not very robust to changes in flow graphs – BinDiff can do a lot more – For most uses sufficient • Comparison does not work for tiny functions – Where tiny means less than 8 edges – Context is not considered
  • 24. She has a problem Dozens of previously analyzed rootkits New suspicious file
  • 25. If she only knew She came across that malware author two years ago He reused his rootkit hiding code and she documented it back then
  • 26. Demo
  • 30. Advantages Remember the past Import earlier results Simplify the future
  • 32. How to find similar files? Remember fuzzyness Here is what we do ... So we have this database, but ... One file typically contains several different statically linked and dynamically imported libraries
  • 33. Calculating a file score • Calculate a score that depends on the number of matches weighted by their quality • The higher the score, the more significant functions are shared by two files
  • 34. Problems • We are still working on score calculation • Desired score depends on goal – Comment porting, library identification, ...
  • 37. They have a problem Complex team with different sub-teams Information flow restricted by clearance levels
  • 38. If they only knew ... BinCrowd manages different access levels in a centralized way No data transfer from high clearance people to low clearance people
  • 39. They have another problem Different members use different tools Making new information available to other members is difficult
  • 40. If they only knew ... BinCrowd makes it easy to exchange information between different tools Individual members can use whatever tools they want
  • 41. No Demo (BinNavi Plugin is not yet ready)
  • 42. Advantages Central database of knowledge Controlled transfer of information Synchronize information from different tools
  • 44. How do you actually access it? We host a free community server Here is what you need ... So we have this database, but ... We have a prepopulated database where you can download and upload information.
  • 45. Software you need • IDA Pro 5.6 • IDAPython 1.3.2 • A BinCrowd account (free) • The BinCrowd IDA Pro Plugin – http://github.com/zynamics
  • 46. Usage • Register BinCrowd account • Download the BinCrowd IDA Plugin • Load BinCrowd IDA Plugin using ALT-9 in IDA • Read the readme.txt file to find out what CTRL-1, CTRL-2, CTRL-3, and CTRL-4 do
  • 47. New IDB Download prior results Analyze IDB Upload new Results Workflow
  • 48. Best practices • Name your input files like program.version.compiler.optimization_level.x xx
  • 49. A fair warning • Passwords are transmitted in plain-text • Database will be reset randomly during beta – All data will be lost, accounts will be kept • Cross-site request forgeries are a dime a dozen
  • 50. Credits and Thanks • Nathan Fain – For getting the first version of BinCrowd off the ground
  • 51. Credits and Thanks • Christian Ketterer – For designing the web interface • American Greetings – Thanks in advance for not suing us over our liberal use of care bears when you guys find this presentation
  • 52. BinCrowd can be used for free! Give it a try at http://bincrowd.zynamics.com