In this talk, we will introduce the audience to the concepts involved in static analysis, and different implementations of those concepts with advantages and disadvantages of each. We will show how the open source tool bugreport (http://bugreport.sf.net) implements these concepts and will demonstrate the tool finding exploitable bugs in real-world binaries.