Lately all I've been doing is data science but I've been trying to keep up
with some of the cool work happening in the cybers as well. One project I
think is especially cool is the Joern Ghidra2CPG project.
https://twitter.com/fabsx00/status/1466302205019971586?s=20
https://joern.io/blog/joern-supports-binary/
The theory is that you can use the Ghidra decompiler, then have a code
property graph, which they store in a special purpose in-memory graph
database (that should probably be ported to A REAL GRAPH DATABASE). Then
you can make queries in scala (ugh) against that DB to find bugs.
One example is here:
https://github.com/joernio/query-database/blob/main/src/main/scala/io/joern…
Has anyone else tried using this?
It'd be cool instead of doing source sink to do clustering and missing link
analysis and MLlib against the graph database. Also a real graph db might
be able to scale better... but regardless, this is the kind of cool project
I hoped to see when Ghidra first came out!
This paper as well seems quite relevant:
https://twitter.com/0xadr1an/status/1466518964029169672?s=20
The Convergence of Source Code and Binary Vulnerability Discovery – A Case
Study
https://www.s3.eurecom.fr/docs/asiaccs22_mantovani.pdf
-dave