In this short video we take a look at using an MCP server with IDA Pro for vulnerability research. At the link below, we patch-diffed the January 2025 update of ole32.dll and found a double-free vulnerability. When we let the AI analyze the unpatched file, pointing it at the specific function containing the double free, it instead listed 3 other supposed vulnerabilities. As explained in the video, these are often false positives that can send you down rabbit holes leading nowhere. AI is typically very good at basic vulnerabilities and malware, such as stack overflows, crackme challenges, keystroke loggers, etc. One of the main issues is that complex memory corruption bugs can be difficult to locate without a lot of context, such as cross-referenced functions, information about file formats or communication streams, and so on. The MCP client you choose (e.g. Claude vs. Cursor vs. Roo Code) will also affect how accurate the analysis is.
The MCP server used from @mrexodia is the best one I've seen yet!
MCP server used (by Duncan Ogilvie): https://github.com/mrexodia/ida-pro-mcp
Stream referenced in the video: https://www.youtube.com/watch?v=_ZrHjohjbwM&t=1801s
Join as a member of the channel to help with educational donations to applicants seeking financial aid, as well as towards merchandise giveaways and the like:
https://www.youtube.com/channel/UCc8gr33-DyCZ6gAmqdcyzgA/join
Join our Discord here to learn more: https://discord.gg/offbyonesecurity