Abstract: A method for identifying a type of a variable within a binary performed on a computing device is provided. The method comprises, identifying a variable from disassembly code of a binary, and determining a type of the variable based on an instruction of the disassembly code, associated with the variable.

Abstract: There is provided a method of patching a binary having vulnerability which is performed by a computing device. The method comprises loading a first binary to be patched, into a memory, generating a second binary by patching to call a stack frame initialization function from a vulnerable function of the first binary, executing the stack frame initialization function by calling the vulnerable function when the second binary is executed and initializing a stack frame area of the vulnerable function so as to automatically initialize a variable declared in the vulnerable function.

Abstract: A method for patching a vulnerability of a binary performed on a computing device is provided.

Abstract: A method for identifying a type of a variable within a binary performed on a computing device is provided. The method comprises, identifying a variable from disassembly code of a binary, and determining a type of the variable based on an instruction of the disassembly code, associated with the variable.

Abstract: Provided are methods of detecting a Diameter spoofing attack. According to an embodiment, the method comprises, obtaining a normal International Mobile Subscriber Identity (IMSI) from a packet of a Diameter S6a protocol transmitted from a Mobile Management Entity (MME) to a Home Subscriber Server (HSS) of a home network, adding a record comprising the normal IMSI to a session table, obtaining an Insert Subscriber Data Request (IDR) message of the Diameter S6a protocol and determining a category of the IDR message.

Abstract: There is provided a method of tracking the location of the cause of a binary vulnerability, the method being performed by a computing apparatus and comprising: adding first taint information for a first operand register tainted by input data of an error-causing case, generating second taint information for a second operand register tainted by data of the first operand register by using the first taint information; and tracking input data that caused an error among the input data of the error-causing case by tracing back taint information of a register of each operand from a point where the error occurred.

Abstract: There is provided a method of patching a binary having vulnerability which is performed by a computing device. The method comprises loading a first binary to be patched, into a memory, generating a second binary by patching to call a stack frame initialization function from a vulnerable function of the first binary, executing the stack frame initialization function by calling the vulnerable function when the second binary is executed and initializing a stack frame area of the vulnerable function so as to automatically initialize a variable declared in the vulnerable function.

Abstract: Provided is an Internet protocol (IP) generation method. The method is performed by an IP generation apparatus comprising one or more processors and memory and includes: forming a plurality of initialized partial numbers by dividing a decimal number indicating a count of IP addresses that can be generated; changing the partial numbers according to a predetermined rule; generating an IP decimal number by linking the changed partial numbers; generating a random IP address from the IP decimal number; and generating a plurality of different random IP addresses with improved time efficiency, by sequentially repeating the changing of the partial numbers, the generating of the IP decimal number and the generating of the random IP address.

Abstract: Provided are a method and a system capable of efficiently detecting security vulnerability of program. The method includes: generating binary information including route information indicating an execution route of a program on a first test case; acquiring first crash information including the first test case and the route information when a crash of the first test case occurs; restoring a control flow graph based on the binary information; calculating complexity of the restored control flow graph; determining whether the complexity is less than a threshold value; only when a result of the determination indicates that the complexity is less than a threshold value, performing: executing a route detection on the route information; generating a second test case by executing the route detection; and acquiring a second crash information including the second test case and the route information.

Abstract: Provided are a method and a system capable of efficiently detecting security vulnerability of program. The system for detecting the security vulnerability according to an embodiment of the present invention includes a vulnerability detecting module that acquires crash information, a binary analysis module that determines priority of binary information and whether to execute the route detection, and a route detecting module that executes the route detection to generate a new test case.

Abstract: Provided are a method and a system capable of efficiently detecting security vulnerability of program. The method includes: generating binary information including route information indicating an execution route of a program on a first test case; acquiring first crash information including the first test case and the route information when a crash of the first test case occurs; restoring a control flow graph based on the binary information; calculating complexity of the restored control flow graph; determining whether the complexity is less than a threshold value; only when a result of the determination indicates that the complexity is less than a threshold value, performing: executing a route detection on the route information; generating a second test case by executing the route detection; and acquiring a second crash information including the second test case and the route information.

Abstract: Provided are a binary vulnerability analysis method performed by a computing device is provided, and the binary vulnerability analysis method includes a primary execution step of recording a symbolic constraint of a vulnerability associated with an execution flow path causing a crash to a target binary to be analyzed and a suspicious element on the execution flow path by performing taint analysis through a primary execution of the target binary; and a secondary execution step of performing a secondary execution, which is a symbolic execution, on the execution flow path and, if an instruction satisfying the symbolic constraint is found, determining that the vulnerability exists in the target binary by comparing the suspicious element and the found instruction.

Abstract: Provided are a method and an apparatus for identifying computer system information which process banner information of an open port of a computer system, create a CPE tree by analyzing a CPE dictionary, and search keywords of respective levels of the CPE tree in a banner and generate one or more CPEs based on the CPE tree observing a format of the CPE dictionary to select CPEs which most match information of an operating system or an application program of a specific computer system among various CPE candidates and rapidly and easily identify CPE type vulnerability information which can interlock with CVE vulnerability information.

Abstract: Provided are a method, apparatus and system for converting vulnerability information collected from various sources of vulnerability information into a format that can be easily shared.

Abstract: Provided are a binary vulnerability analysis method performed by a computing device is provided, and the binary vulnerability analysis method includes a primary execution step of recording a symbolic constraint of a vulnerability associated with an execution flow path causing a crash to a target binary to be analyzed and a suspicious element on the execution flow path by performing taint analysis through a primary execution of the target binary; and a secondary execution step of performing a secondary execution, which is a symbolic execution, on the execution flow path and, if an instruction satisfying the symbolic constraint is found, determining that the vulnerability exists in the target binary by comparing the suspicious element and the found instruction.

Abstract: There are provided an apparatus for collecting vulnerability information of a computer system and a method thereof. The method includes: downloading a vulnerability file including formal vulnerability data configured in a predetermined format from a vulnerability database; classify the formal vulnerability data by performing file parsing for the vulnerability file on the basis of the predetermined format ; classify informal vulnerability data included in the source code by performing source code parsing for a source code of a web page and formalizing the informal vulnerability data on the basis of a result of the classification; and storing the formal vulnerability data and the formalized informal vulnerability data in a field of a vulnerability table on the basis of a result of the classification.

Abstract: Provided are a method and a system capable of efficiently detecting security vulnerability of program. The system for detecting the security vulnerability according to an embodiment of the present invention includes a vulnerability detecting module that acquires crash information, a binary analysis module that determines priority of binary information and whether to execute the route detection, and a route detecting module that executes the route detection to generate a new test case.

Abstract: A device information gathering method is provided. The device information gathering method includes: allowing a device information gathering apparatus to transmit a packet to a randomly generated Internet Protocol (IP) address and to receive a syn-ack packet as a response; allowing the device information gathering apparatus to parse the syn-ack packet and thus to extract Transmission Control Protocol (TCP)/IP fields; and allowing the device information gathering apparatus to compare the TCP/IP fields and an OS fingerprint rule, which is in JavaScript Object Notation (JSON) format, and thus to generate an OS fingerprint of the randomly generated IP address, wherein the OS fingerprint rule stores Operating Systems (OSs) and TCP/IP field values corresponding to versions of the OSs as attribute-value pairs.

Abstract: Provided is an Internet protocol (IP) generation method. The method is performed by an IP generation apparatus comprising one or more processors and memory and includes: forming a plurality of initialized partial numbers by dividing a decimal number indicating a count of IP addresses that can be generated; changing the partial numbers according to a predetermined rule; generating an IP decimal number by linking the changed partial numbers; generating a random IP address from the IP decimal number; and generating a plurality of different random IP addresses with improved time efficiency, by sequentially repeating the changing of the partial numbers, the generating of the IP decimal number and the generating of the random IP address.

Abstract: Provided is an Internet protocol (IP) generation method. The method is performed by an IP generation apparatus and includes: forming a plurality of initialized partial numbers by dividing a decimal number indicating a count of IP addresses that can be generated; changing the partial numbers according to a predetermined rule; generating an IP decimal number by connecting the changed partial numbers; generating a random IP address from the IP decimal number; and generating a plurality of different random IP addresses by sequentially repeating the changing of the partial numbers, the generating of the IP decimal number and the generating of the random IP address.