-
Publication No.: US20210150022A1
Publication date: 2021-05-20
Application No.: US16687203
Filing date: 2019-11-18
Inventors: Asaf Karas, Or Peles, Meir Tsvi, Anton Nayshtut
Abstract: A method, system and product for command injection identification. An input hook function is configured to be executed in response to a potential input provisioning event. The input hook function is configured to perform: analyzing a potential input of the potential input provisioning event to identify whether the potential input comprises a command separator and an executable product; and in response to identifying the command separator and the executable product, recording a suspicious input event indicating the command separator and the executable product. An execution hook function is configured to be executed in response to a potential execution event. The execution hook function is configured to perform: in response to a determination that an execution command of the potential execution event comprises the command separator and the executable product of the suspicious input event, flagging the execution command as a command injection attack.
-
Publication No.: US11573887B2
Publication date: 2023-02-07
Application No.: US16953500
Filing date: 2020-11-20
Inventors: Shachar Menashe, Ilya Khivrich, Asaf Karas
Abstract: A method, system and product for determining a characterization of a terminal within a binary code, based on influences of the terminal. Based on the characterization of the terminal, the terminal is determined to be potentially affected by external input that is inputted to a device executing the binary code. A propagation path that indicates a reachability of the terminal within the binary code is determined. A code patch associated with a functionality of at least a portion of the binary code and with the propagation path of the terminal is located in the binary code. The code patch can be executed independently from the binary code. The code patch is extracted from the binary code for testing, and an emulation of the code patch is generated to enable fuzz testing of the emulation, whereby the code patch is tested independently.
-
Publication No.: US20220164277A1
Publication date: 2022-05-26
Application No.: US16953500
Filing date: 2020-11-20
Inventors: Shachar Menashe, Ilya Khivrich, Asaf Karas
Abstract: A method, system and product comprising determining a characterization of a terminal of a plurality of terminals within a binary code based on influences of the terminal, wherein the characterization of the terminal indicates a role of the terminal in the binary code; based on the characterization of the terminal, determining that the terminal is potentially affected by external input that is inputted to a device executing the binary code; determining for the terminal a corresponding propagation path within the binary code, wherein the propagation path indicates a reachability of the terminal within the binary code; locating in the binary code a code patch associated with a functionality of the binary code, wherein the code patch is associated with the propagation path of the terminal, wherein the code patch can be executed independently from the binary code; extracting the code patch from the binary code for testing; and generating an emulation of the code patch to enable fuzz testing of the emulation, whereby the code patch is tested independently.
-
Publication No.: US11520901B2
Publication date: 2022-12-06
Application No.: US16726883
Filing date: 2019-12-25
Inventors: Asaf Karas, Meir Tsvi
Abstract: A method, system and product for detecting firmware vulnerabilities, including, during a testing phase of a firmware of a device, continuously polling states and activities of the device, wherein said polling is at a testing agent that is functionality separate from the firmware; correlating between at least one event that is associated with the states or the activities of the device and test results of the testing phase; based on said correlating, determining for the firmware one or more normal events and one or more abnormal events; and after the testing phase, providing indications of the one or more normal events and one or more abnormal events from the testing agent to a runtime agent, whereby said providing enables the runtime agent to protect the firmware from vulnerabilities associated with the one or more abnormal events.
-
Publication No.: US20220108007A1
Publication date: 2022-04-07
Application No.: US17492736
Filing date: 2021-10-04
Abstract: A method, apparatus and product including: obtaining metadata about a firmware, wherein the metadata comprises one or more constraints on execution of a system call by the firmware; during execution of the firmware, identifying a system call event, wherein the system call event comprises an invocation of the system call; determining that the system call event violates the one or more constraints on the execution of the system call; and in response to said determining that the system call event violates the one or more constraints, performing a responsive action.
-
Publication No.: US20230185921A1
Publication date: 2023-06-15
Application No.: US17550334
Filing date: 2021-12-14
Inventors: Asaf Karas, Shachar Menashe, Tal Zarfati
IPC classification: G06F21/57
CPC classification: G06F21/577, G06F2221/033
Abstract: A method, system and product are provided including obtaining a list of vulnerabilities of an execution environment of a device, analyzing the execution environment to determine contextual factors of the execution environment, and adjusting the list of vulnerabilities based on the contextual factors. This provides a device-specific list of vulnerabilities configured to indicate an estimated impact of each listed vulnerability. Adjusting the list includes at least one of removing a first vulnerability from the list in case that exploitation of the first vulnerability is prevented in the device by the contextual factors, decreasing a score of a second vulnerability of the list in case the contextual factors mitigate an exploitation of the second vulnerability, and increasing a score of a third vulnerability of the list in case that the contextual factors increase a risk of an exploitation of the third vulnerability.
-
Publication No.: US11188470B2
Publication date: 2021-11-30
Application No.: US16879413
Filing date: 2020-05-20
Inventors: Or Peles, Asaf Karas, Ori Hollander, Shachar Menashe
IPC classification: G06F12/0875, G06F21/62
Abstract: A method, system and product, configured to perform: during an execution of a program, obtaining boundaries of a stack frame of a function that is currently present in a stack, wherein said obtaining the boundaries comprises: obtaining a return address of the function in the stack; determining a length of the function using a mapping of return addresses of one or more functions in the program and corresponding lengths of the one or more functions; and determining the boundaries of the stack frame of the function based on a value of a stack pointer of the stack and based on the length of the function; based on the boundaries of the stack frame of the function, determining that the stack frame is overflown; and in response to said determining that the stack frame is overflown, performing a responsive action.
-
Publication No.: US10534918B1
Publication date: 2020-01-14
Application No.: US16525884
Filing date: 2019-07-30
Inventors: Netanel Davidi, Uri Alter, Asaf Karas, Omer Schory
Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.
-