Abstract: Methods, systems, and computer-readable media are disclosed for packet sanitization. A particular method intercepts a packet of a packet stream, where the packet stream is transmitted in accordance with a particular protocol. The packet is analyzed based on a specification associated with the particular protocol. Based on the analysis, a data value of a field of the packet is replaced with a sanitized data value to create a sanitized packet. The sanitized packet may be injected into the packet stream or may optionally be forwarded to a signature module that checks the sanitized packet for malicious content. When malicious content is found, the sanitized packet may be dropped, the sanitized packet may be logged, the sanitized packet may be redirected, or a notification regarding the sanitized packet may be sent to an administrator.

Abstract: A human-readable list of patch differences ranked by weight helps vulnerability analysts allocate their time. From binary code, identified source functions and recognized sink functions are used when assigning relative weights to changes caused by a patch. Source functions are identified using an export table, import table, and remote procedure call interface. Sink functions are recognized using blacklisted functions, patch-targeted functions, memory functions, string functions, and functions called with mismatched parameters. A change prioritizer assigns weights based on an architectural graph and a set of prioritization rules that specify what kind of change is made by a patch, and what kind of function is changed. Weight assignments may be additive. Rules may assign certain kinds of change a higher priority for subsequent scrutiny by an analyst.

Abstract: A human-readable list of patch differences ranked by weight helps vulnerability analysts allocate their time. From binary code, identified source functions and recognized sink functions are used when assigning relative weights to changes caused by a patch. Source functions are identified using an export table, import table, and remote procedure call interface. Sink functions are recognized using blacklisted functions, patch-targeted functions, memory functions, string functions, and functions called with mismatched parameters. A change prioritizer assigns weights based on an architectural graph and a set of prioritization rules that specify what kind of change is made by a patch, and what kind of function is changed. Weight assignments may be additive. Rules may assign certain kinds of change a higher priority for subsequent scrutiny by an analyst.

Abstract: Methods, systems, and computer-readable media are disclosed for packet sanitization. A particular method intercepts a packet of a packet stream, where the packet stream is transmitted in accordance with a particular protocol. The packet is analyzed based on a specification associated with the particular protocol. Based on the analysis, a data value of a field of the packet is replaced with a sanitized data value to create a sanitized packet. The sanitized packet may be injected into the packet stream or may optionally be forwarded to a signature module that checks the sanitized packet for malicious content. When malicious content is found, the sanitized packet may be dropped, the sanitized packet may be logged, the sanitized packet may be redirected, or a notification regarding the sanitized packet may be sent to an administrator.