{"id":9221,"date":"2012-05-25T12:32:48","date_gmt":"2012-05-25T10:32:48","guid":{"rendered":"https:\/\/www.corelan.be\/?p=9221"},"modified":"2012-05-25T12:32:48","modified_gmt":"2012-05-25T10:32:48","slug":"hitb2012ams-day-2-taint-analysis","status":"publish","type":"post","link":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/","title":{"rendered":"HITB2012AMS Day 2 - Taint Analysis"},"content":{"rendered":"<h3>Automatically Searching for Vulnerabilities: How to use Taint Analysis to find Security Flaws<\/h3>\n<p>(by Alex Bazhanyuk (not present) and Nikita Tarakanov, Reverse Engineers, CISS)<\/p>\n<p><a href=\"https:\/\/twitter.com\/NTarakanov\">Nikita<\/a> explains that they have been working on reversing binaries and auditing source code for a long time. Alex currently works on BitBlaze, and moved to the US to be able to work on security research in a better way. The presentation is based on work done by Alex and Nikita a while ago, before Alex moved from Ukraine to the US.<\/p>\n<p>Nikita, an independent researcher, enjoys reversing kernels.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"rps20120525_114925_899.jpg\" src=\"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120525_114925_899.jpg\" alt=\"Rps20120525 114925 899\" width=\"600\" height=\"441\" border=\"0\" \/><\/p>\n<p>The agenda for the talk contains the following topics:<\/p>\n<ul>\n<li>Taint Analysis<\/li>\n<li>BitBlaze theory<\/li>\n<li>SASV implementation<\/li>\n<li>Lulz Time<\/li>\n<li>Pitfalls<\/li>\n<li>Conclusion<\/li>\n<\/ul>\n<h4>Taint Analysis<\/h4>\n<p>Nikita explains that they mainly focused on IDA Pro plugins and BitBlaze (Vine + utils, TEMU + plugins). Nikita explains that BitBlaze needed customization to work properly.<\/p>\n<p>Most people look for vulnerabilities by fuzzing, generating mutation cases, etc. 
Nikita explains that, when the protocol implements crypto or CRC checks, or uses unknown formats, fuzzing might not be very easy. A better way is to use taint analysis. From a taint source perspective, you can taint network input\/output, keyboard input, memory, disk, function output, etc. The idea is to follow the tainted data and trace how the application behaves when processing the tainted data.<\/p>\n<p>There are a couple of ways to perform taint analysis:<\/p>\n<p>Static taint analysis: analysis performed over multiple paths of a program (mostly performed within IDA Pro). It's typically performed on a control flow graph, where statements are nodes, and there is an edge between nodes if there is a possible transfer of control.<\/p>\n<p>Dynamic taint analysis: to perform dynamic taint analysis, the researchers used BitBlaze. It will allow you to automatically extract security-related properties from binary code. It was built as a unified binary analysis platform for security, leverages recent advances in program analysis, formal methods and binary instrumentation, and can greatly decrease the amount of time to find\/detect exploitable conditions.<\/p>\n<h4>BitBlaze<\/h4>\n<p>BitBlaze consists of a couple of components. It has an emulator, a taint analysis engine and a semantics extractor, made available to plugins via a TEMUAPI interface. TEMU is based on older versions of QEMU, making it slow and buggy. TEMU is just used to perform tracing.<\/p>\n<p>VINE is an intermediate language that sits in between the tracing (TEMU) and the output (graphs, logs, etc). 
Nikita dives into some details about the IL and STP.<\/p>\n<h4>SASV Components<\/h4>\n<p>To set up the SASV environment, they used:<\/p>\n<ul>\n<li>TEMU<\/li>\n<li>Vine<\/li>\n<li>STP<\/li>\n<li>IDA Plugins (Dangerousfunctions,\u00a0IndirectCalls,\u00a0ida2sql (zynamics)) to find calls to dangerous functions, find indirect jumps and calls, and to load the IDB into MySQL<\/li>\n<li>iterators - wrapper for TEMU, Vine, STP<\/li>\n<li>various publishers (for DeviceIOControl etc)<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"rps20120525_120638_505.jpg\" src=\"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120525_120638_505.jpg\" alt=\"Rps20120525 120638 505\" width=\"600\" height=\"482\" border=\"0\" \/><\/p>\n<p>To optimize the SASV experience, Nikita explains, the minimum goal is to get maximum coverage of dangerous code. The maximum goal is to have maximum coverage of all of the code.<\/p>\n<p>The basic SASV algorithm contains the following steps:<\/p>\n<ul>\n<li>First, using IDA plugins, the dangerous places in the app are identified.<\/li>\n<li>Using publishers, they invoke the targeted code and start using TEMU to trace.<\/li>\n<li>Trace -&gt; appreplay -&gt; IL<\/li>\n<li>IL -&gt; change path algo - IL' (change symbolic execution)<\/li>\n<li>wputil -&gt; stp' code<\/li>\n<li>stp<\/li>\n<li>repeat<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"rps20120525_121159_904.jpg\" src=\"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120525_121159_904.jpg\" alt=\"Rps20120525 121159 904\" width=\"600\" height=\"508\" border=\"0\" \/><\/p>\n<p>There are some disadvantages. The definition of vulnerabilities is difficult and things can be very slow, depending on the required functionality and the overhead introduced by hooking functions. 
On top of that, if you're tracing big applications, the trace log file might be huge, and appreplay may not even be able to use it.<\/p>\n<p>To enhance the performance of the process, Nikita says, it would probably be a good idea to get rid of the QEMU layer altogether\u2026 but it would be a huge task to do so.<\/p>\n<p>Nikita continues by explaining that automated exploit generation would require you to build primitives (within the correct exploitation state) and deal with a lot of exploit mitigations\u2026 and that EIP control does not mean you can build a weaponized exploit nowadays. It would require the automation of finding memory disclosures as well. \ud83d\ude42<\/p>\n<p>Unfortunately the flow of this talk was a bit slow. With lots of time spent on the BitBlaze components and Intermediate Language, the speaker had to rush a bit at the end, which was a pity (because I had the impression it had more interesting content than the first part of the presentation).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Automatically Searching for Vulnerabilities: How to use Taint Analysis to find Security Flaws (by Alex Bazhanyuk (not present) and Nikita Tarakanov, Reverse Engineers, CISS) Nikita explains they have been working on reversing binaries and auditing source code for a long time. 
\u00a0 Alex currently works on the BitBlaze work, and moved to the US to &hellip; <a href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> \"HITB2012AMS Day 2 - Taint Analysis\"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[2250],"tags":[2983,2676,1991],"class_list":["post-9221","post","type-post","status-publish","format-standard","hentry","category-cons-seminars","tag-kernel","tag-reverse-engineering","tag-fuzzing"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>HITB2012AMS Day 2 - Taint Analysis - Corelan | Exploit Development &amp; Vulnerability Research<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HITB2012AMS Day 2 - Taint Analysis - Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"og:description\" content=\"Automatically Searching 
for Vulnerabilities: How to use Taint Analysis to find Security Flaws (by Alex Bazhanyuk (not present) and Nikita Tarakanov, Reverse Engineers, CISS) Nikita explains they have been working on reversing binaries and auditing source code for a long time. \u00a0 Alex currently works on the BitBlaze work, and moved to the US to &hellip; Continue reading &quot;HITB2012AMS Day 2 - Taint Analysis&quot;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/\" \/>\n<meta property=\"og:site_name\" content=\"Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/corelanconsulting\" \/>\n<meta property=\"article:published_time\" content=\"2012-05-25T10:32:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120525_114925_899.jpg\" \/>\n<meta name=\"author\" content=\"corelanc0d3r\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@corelanc0d3r\" \/>\n<meta name=\"twitter:site\" content=\"@corelanc0d3r\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"TechArticle\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/25\\\/hitb2012ams-day-2-taint-analysis\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/25\\\/hitb2012ams-day-2-taint-analysis\\\/\"},\"author\":{\"name\":\"corelanc0d3r\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\"},\"headline\":\"HITB2012AMS Day 2 - Taint 
Analysis\",\"datePublished\":\"2012-05-25T10:32:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/25\\\/hitb2012ams-day-2-taint-analysis\\\/\"},\"wordCount\":737,\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/25\\\/hitb2012ams-day-2-taint-analysis\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2012\\\/05\\\/rps20120525_114925_899.jpg\",\"keywords\":[\"kernel\",\"reverse engineering\",\"fuzzing\"],\"articleSection\":[\"Cons and Seminars\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/25\\\/hitb2012ams-day-2-taint-analysis\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/25\\\/hitb2012ams-day-2-taint-analysis\\\/\",\"name\":\"HITB2012AMS Day 2 - Taint Analysis - Corelan | Exploit Development &amp; Vulnerability 
Research\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/25\\\/hitb2012ams-day-2-taint-analysis\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/25\\\/hitb2012ams-day-2-taint-analysis\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2012\\\/05\\\/rps20120525_114925_899.jpg\",\"datePublished\":\"2012-05-25T10:32:48+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/25\\\/hitb2012ams-day-2-taint-analysis\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/25\\\/hitb2012ams-day-2-taint-analysis\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/25\\\/hitb2012ams-day-2-taint-analysis\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2012\\\/05\\\/rps20120525_114925_899.jpg\",\"contentUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2012\\\/05\\\/rps20120525_114925_899.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/25\\\/hitb2012ams-day-2-taint-analysis\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.corelan.be\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HITB2012AMS Day 2 &#8211; Taint Analysis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"name\":\"Corelan CyberSecurity Research\",\"description\":\"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security 
tooling used by professionals worldwide.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.corelan.be\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\",\"name\":\"Corelan CyberSecurity Research\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"contentUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"width\":200,\"height\":200,\"caption\":\"Corelan CyberSecurity 
Research\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/corelanconsulting\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\",\"https:\\\/\\\/x.com\\\/corelanconsulting\",\"https:\\\/\\\/instagram.com\\\/corelanconsult\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\",\"name\":\"corelanc0d3r\",\"pronouns\":\"he\\\/him\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"caption\":\"corelanc0d3r\"},\"description\":\"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.\",\"sameAs\":[\"https:\\\/\\\/www.corelan-training.com\",\"https:\\\/\\\/instagram.com\\\/corelanc0d3r\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/petervaneeckhoutte\\\/\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\"],\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/author\\\/admin0\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"HITB2012AMS Day 2 - Taint Analysis - Corelan | Exploit Development &amp; Vulnerability Research","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/","og_locale":"en_US","og_type":"article","og_title":"HITB2012AMS Day 2 - Taint Analysis - Corelan | Exploit Development &amp; Vulnerability Research","og_description":"Automatically Searching for Vulnerabilities: How to use Taint Analysis to find Security Flaws (by Alex Bazhanyuk (not present) and Nikita Tarakanov, Reverse Engineers, CISS) Nikita explains they have been working on reversing binaries and auditing source code for a long time. \u00a0 Alex currently works on the BitBlaze work, and moved to the US to &hellip; Continue reading \"HITB2012AMS Day 2 - Taint Analysis\"","og_url":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/","og_site_name":"Corelan | Exploit Development &amp; Vulnerability Research","article_publisher":"https:\/\/www.facebook.com\/corelanconsulting","article_published_time":"2012-05-25T10:32:48+00:00","og_image":[{"url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120525_114925_899.jpg","type":"","width":"","height":""}],"author":"corelanc0d3r","twitter_card":"summary_large_image","twitter_creator":"@corelanc0d3r","twitter_site":"@corelanc0d3r","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/#article","isPartOf":{"@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/"},"author":{"name":"corelanc0d3r","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f"},"headline":"HITB2012AMS Day 2 - Taint 
Analysis","datePublished":"2012-05-25T10:32:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/"},"wordCount":737,"publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"image":{"@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/#primaryimage"},"thumbnailUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120525_114925_899.jpg","keywords":["kernel","reverse engineering","fuzzing"],"articleSection":["Cons and Seminars"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/","url":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/","name":"HITB2012AMS Day 2 - Taint Analysis - Corelan | Exploit Development &amp; Vulnerability Research","isPartOf":{"@id":"https:\/\/www.corelan.be\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/#primaryimage"},"image":{"@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/#primaryimage"},"thumbnailUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120525_114925_899.jpg","datePublished":"2012-05-25T10:32:48+00:00","breadcrumb":{"@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/#primaryimage","url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120525_114925_899.jpg","contentUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120525_114925_899.jpg"},{"@type":"BreadcrumbList","@id":"
https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.corelan.be\/"},{"@type":"ListItem","position":2,"name":"HITB2012AMS Day 2 &#8211; Taint Analysis"}]},{"@type":"WebSite","@id":"https:\/\/www.corelan.be\/#website","url":"https:\/\/www.corelan.be\/","name":"Corelan CyberSecurity Research","description":"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.","publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.corelan.be\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.corelan.be\/#organization","name":"Corelan CyberSecurity Research","url":"https:\/\/www.corelan.be\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/","url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","contentUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","width":200,"height":200,"caption":"Corelan CyberSecurity 
Research"},"image":{"@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/corelanconsulting","https:\/\/x.com\/corelanc0d3r","https:\/\/x.com\/corelanconsulting","https:\/\/instagram.com\/corelanconsult"]},{"@type":"Person","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f","name":"corelanc0d3r","pronouns":"he\/him","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","url":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","caption":"corelanc0d3r"},"description":"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. 
Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.","sameAs":["https:\/\/www.corelan-training.com","https:\/\/instagram.com\/corelanc0d3r","https:\/\/www.linkedin.com\/in\/petervaneeckhoutte\/","https:\/\/x.com\/corelanc0d3r"],"url":"https:\/\/www.corelan.be\/index.php\/author\/admin0\/"}]}},"views":5002,"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/9221","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/comments?post=9221"}],"version-history":[{"count":0,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/9221\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/media?parent=9221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/categories?post=9221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/tags?post=9221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}