Events

Advancing Security Red-Teaming through Probabilistic Binary Analysis

Digital systems are the backbone of modern society, supporting everything from critical infrastructure to everyday communications. As these systems grow increasingly complex, securing them requires collective and broader community efforts beyond in-house teams. Third-party red-teaming plays a crucial role in this shared responsibility by conducting rigorous security assessments to uncover hidden vulnerabilities and inform proactive defense strategies. However, a major challenge for independent security teams is the frequent lack of access to the system of interest, particularly its source code, which hinders red-teaming efforts.

In this talk, Zhuo Zhang will introduce probabilistic binary analysis, a novel framework that leverages probabilistic modeling to analyze compiled binaries when source code is unavailable. By systematically examining binary behavior and rigorously modeling the uncertainties inherent in the analysis process, this approach uncovers security flaws and provides actionable insights for proactive defense. His method has already demonstrated real-world impact by identifying critical vulnerabilities in widely used systems, earning substantial bug bounties, and receiving recognition through the SIGSAC Doctoral Dissertation Award.