Proteus

Proteus is an advanced dynamic analysis software testing (DAST) system for automatically finding and fixing vulnerabilities, with no false alarms, aimed at development groups, testing organizations, and cybersecurity teams. It discovers vulnerabilities that could be triggered by potentially malicious file or network inputs, including many common entries in the Common Weakness Enumeration (CWE). The tool's initial focus is on both 32-bit and 64-bit Windows native binaries.

Benefits

By integrating and simplifying the use of state-of-the-art tools for binary analysis and transformation, Proteus lowers the costs and increases the efficiency and effectiveness of software testing, reverse engineering, and maintenance, including:

• binary analysis, mutational fuzzing, and symbolic execution without the need for source code,
• professional-grade user interface for result aggregation and presentation,
• wizard to provide for easy system use, distributed process orchestration, and management,
• advanced exploitability reporting and reasoning capability, and
• deployment in a virtualized environment or on a host system.

Capabilities

Proteus integrates five capabilities, each of which can be used in an end-to-end workflow or independently:

• Error Amplification – earlier and more complete error detection; faster root-cause localization
• Weakness Discovery – automatic generation of test inputs leading to application failure
• Exploitability Analysis – assessment of the exploitability of the discovered weaknesses
• Binary Patching – automated recommendation and application of patches for exploitable weaknesses
• Binary Hardening – additional protections for weaknesses that may have remained undiscovered during analysis.

Demo

The following video introduces Proteus and demonstrates its usage spinning up multiple VMs in a unified fuzzing campaign to identify, triage, and report multiple vulnerabilities in an example program.