Exploits often crash applications because they were made for different versions of the software or operating system than the client is running. It's only a matter of time before the attacker reacts to these failures and penetrates the network.
Current exploit detection products all work by stopping or identifying a successful exploit on a client or server. Microsoft provides a product called System Center Operations Manager (SCOM) that is capable of collecting crash dumps from systems. However, it does not provide insight as to whether these are due to exploitation attempts. Microsoft also provides a tool called “!exploitable” (pronounced “bang exploitable”) that can determine if a crash was due to an exploitation attempt. Disadvantageously, a user has to manually collect crash dumps and feed the collected crash dumps to the program one at a time.
Memory dumps can provide important details for an incident responder's or forensic analyst's investigation. Some applications can also provide a copy of the document that caused the crash, such as the malicious PDF involved.
Therefore, there is a need for a system for automatically collecting and analyzing crash dumps to determine if a crash is the result of an unsuccessful security exploit and generating reports and alerts.
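A sketch of the automated collect-and-triage loop the passage calls for, as an added example that is neither the patent's system nor Microsoft's !exploitable: it rates constructed crash records with simplified, !exploitable-style heuristics, raises an alert for each crash rated exploitable, and raises a second kind of alert when the same application fails suspiciously on several hosts within a short window. The record fields, the exception-code heuristics and the thresholds are assumptions for illustration.

```python
"""Automated triage of crash records as a detection signal for failed exploits.
Added example, not the patent's system nor Microsoft's !exploitable; record fields,
exception-code heuristics and thresholds are assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

ACCESS_VIOLATION = 0xC0000005
STACK_BUFFER_OVERRUN = 0xC0000409  # fail-fast raised when a /GS stack cookie is corrupted

# Constructed sample records in the shape a collector might extract from crash reports.
SAMPLE_CRASHES = [
    {"host": "ws01", "app": "reader.exe", "code": 0xC0000005, "ip": 0x41414141,
     "in_module": False, "write": False, "time": "2024-03-01T09:00:00"},
    {"host": "ws02", "app": "reader.exe", "code": 0xC0000409, "ip": 0x7FF6A0001234,
     "in_module": True, "write": False, "time": "2024-03-01T09:04:00"},
    {"host": "ws03", "app": "notepad.exe", "code": 0xC0000005, "ip": 0x7FF6B0005678,
     "in_module": True, "write": False, "time": "2024-03-01T09:10:00"},
]

def classify(crash):
    """Coarse, !exploitable-style rating derived from the faulting context."""
    if crash["code"] == STACK_BUFFER_OVERRUN:
        return "EXPLOITABLE"              # cookie tripped: a stack overwrite occurred
    if crash["code"] == ACCESS_VIOLATION:
        if not crash["in_module"]:
            return "EXPLOITABLE"          # instruction pointer outside any mapped module
        if crash["write"]:
            return "PROBABLY_EXPLOITABLE" # write fault: possibly attacker-controlled store
        return "PROBABLY_NOT_EXPLOITABLE" # read fault inside a module: often a plain bug
    return "UNKNOWN"

def triage(crashes, window=timedelta(minutes=30), min_hosts=2):
    """Alert on every EXPLOITABLE crash, and on one application rated suspicious
    on at least min_hosts distinct hosts inside the window (a campaign pattern)."""
    alerts, suspicious = [], defaultdict(list)
    for c in crashes:
        rating = classify(c)
        if rating == "EXPLOITABLE":
            alerts.append(f"ALERT {c['host']} {c['app']} {rating} ip=0x{c['ip']:x}")
        if rating in ("EXPLOITABLE", "PROBABLY_EXPLOITABLE"):
            suspicious[c["app"]].append((datetime.fromisoformat(c["time"]), c["host"]))
    for app, events in suspicious.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                alerts.append(f"ALERT campaign {app} on {sorted(hosts)} within {window}")
                break
    return alerts
```

In a real deployment the rating would come from running the collected dump through a debugger plug-in such as !exploitable, and the alerts would be forwarded to the SIEM together with the dump and any captured document.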