Using Binary Analysis to Quantify Potential Zero-Day Risk in Software
Modern cyberattacks frequently use a technique called Return-Oriented Programming (ROP) to weaponize a program’s own code against itself. Attackers repurpose existing code snippets (known as “gadgets”) and chain them together to create malicious functionality.
In this session, Doug Britton, CSO at RunSafe Security, introduces a novel approach to identifying potential zero-day risk in software by analyzing binary code for the presence of exploitable ROP chains. Rather than trying to identify specific vulnerabilities, the approach answers a single question: are any useful ROP chains available to an attacker?
Attendees will gain a practical understanding of how to quantify and reduce exposure to zero-day attacks, with a focus on memory-safety vulnerabilities. By assessing total ROP chain availability, the approach enables teams to calculate a binary’s intrinsic risk—even in the absence of published CVEs—and demonstrates how runtime protections can reduce potential exploitability by up to 96%.
This first-of-its-kind binary analysis technique shifts the paradigm from reactive patch-and-scan models to proactive, attacker-informed defense. Product security teams will learn how to prioritize mitigations not by severity scores alone, but by whether they meaningfully limit what an attacker can actually do. This talk delivers actionable insight into strengthening your software’s resilience against both known and unknown threats—grounded in real-world exploit mechanics.
Session Takeaways:
- How attackers build ROP chains from compiled binaries to achieve remote code execution or privilege escalation
- How to quantify the latent risk posed by memory corruption vulnerabilities in compiled binaries—even without known CVEs
- How to evaluate memory protection techniques (e.g., control-flow integrity, memory randomization) based on measurable zero-day risk reduction
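To make the measurement in the second and third takeaways concrete, here is an added example (not RunSafe's tool or any code from the session): a byte-level census of `ret`-terminated gadget candidates in raw x86-64 code, reported as a density figure that can be compared across builds, followed by a check of how many of those gadgets a precomputed chain could still reach once the functions are laid out in a different order, which is the effect a load-time randomization protection has. The sample "functions" are constructed byte strings, not taken from a real binary, and the scan deliberately uses no disassembler, so it over-counts relative to tools that decode instructions.

```python
"""Added example: gadget census as a risk metric, plus the reduction in
usable gadgets after function-order randomization.

Assumptions: x86-64 code where 0xC3 is a near `ret`; a gadget candidate is
any byte string of up to MAX_BODY bytes that ends at a `ret` and does not
cross an earlier `ret`. No instruction decoding is done, so this is a
pessimistic (over-counting) proxy. All sample functions are constructed.
"""
import random
from typing import Dict, List, Sequence

RET = 0xC3
MAX_BODY = 5  # bytes before the ret that may form the gadget body

# Constructed sample functions with plausible x86-64 encodings (not real code).
SAMPLE_FUNCTIONS: List[bytes] = [
    bytes.fromhex("4889f8c3"),  # mov rax, rdi ; ret
    bytes.fromhex("5dc3"),      # pop rbp ; ret
    bytes.fromhex("4831c0c3"),  # xor rax, rax ; ret
    bytes.fromhex("415cc3"),    # pop r12 ; ret
]


def find_gadgets(code: bytes, max_body: int = MAX_BODY) -> Dict[int, bytes]:
    """Map each candidate gadget start offset to its bytes (body + ret).

    Every offset before a ret is a candidate start: x86 has no instruction
    alignment requirement, so control can land mid-encoding.
    """
    gadgets: Dict[int, bytes] = {}
    last_ret = -1
    for i, b in enumerate(code):
        if b != RET:
            continue
        # Walk back at most max_body bytes, but never across the previous ret.
        for start in range(max(last_ret + 1, i - max_body), i + 1):
            gadgets[start] = code[start:i + 1]
        last_ret = i
    return gadgets


def gadget_density(code: bytes) -> float:
    """Gadget candidates per KiB of code: the figure to compare across builds."""
    return len(find_gadgets(code)) / (len(code) / 1024) if code else 0.0


def layout(functions: Sequence[bytes], order: Sequence[int]) -> bytes:
    """Concatenate functions in the given order, as a loader would place them."""
    return b"".join(functions[i] for i in order)


def surviving_gadgets(functions: Sequence[bytes], order: Sequence[int]) -> int:
    """Count original-layout gadgets that still sit at the same address with
    the same bytes after the functions are re-ordered.

    A ROP chain is a list of fixed addresses, so a gadget only remains usable
    if the precomputed address still points at identical bytes.
    """
    before = layout(functions, range(len(functions)))
    after = layout(functions, order)
    original = find_gadgets(before)
    return sum(1 for addr, g in original.items() if after[addr:addr + len(g)] == g)


def reachable_fraction_after_shuffle(functions: Sequence[bytes],
                                     order: Sequence[int]) -> float:
    """Fraction of original-layout gadgets a fixed chain could still use."""
    total = len(find_gadgets(layout(functions, range(len(functions)))))
    return surviving_gadgets(functions, order) / total if total else 0.0


if __name__ == "__main__":
    base = layout(SAMPLE_FUNCTIONS, range(len(SAMPLE_FUNCTIONS)))
    print(f"{len(find_gadgets(base))} gadget candidates, "
          f"{gadget_density(base):.0f} per KiB")
    order = list(range(len(SAMPLE_FUNCTIONS)))
    random.Random(2024).shuffle(order)  # stands in for load-time randomization
    frac = reachable_fraction_after_shuffle(SAMPLE_FUNCTIONS, order)
    print(f"after re-ordering to {order}: {frac:.0%} of gadgets still usable")
```

The density figure is what lets two builds of the same program be ranked without any CVE in hand; the survival fraction is the kind of before/after number the session attributes to runtime protections. Real tooling would decode instructions, treat `jmp`/`call`-terminated gadgets as well, and model the actual randomization granularity rather than whole-function reordering.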