Systematically understanding the cyber attack business: A survey
Cyber attacks are increasingly menacing businesses. Based on the literature review and
publicly available reports, this article conducts an extensive and consistent survey of the …
Challenges in firmware re-hosting, emulation, and analysis
System emulation and firmware re-hosting have become popular techniques to answer
various security and performance related questions, such as determining whether a …
QSYM: A practical concolic execution engine tailored for hybrid fuzzing
Recently, hybrid fuzzing has been proposed to address the limitations of fuzzing and
concolic execution by combining both approaches. The hybrid approach has shown its …
T-Fuzz: fuzzing by program transformation
H Peng, Y Shoshitaishvili… - 2018 IEEE Symposium on …, 2018 - ieeexplore.ieee.org
Fuzzing is a simple yet effective approach to discover software bugs utilizing randomly
generated inputs. However, it is limited by coverage and cannot find bugs hidden in deep …
ExploitGen: Template-augmented exploit code generation based on CodeBERT
Exploit code is widely used for detecting vulnerabilities and implementing defensive
measures. However, automatic generation of exploit code for security assessment is a …
FUZE: Towards facilitating exploit generation for kernel Use-After-Free vulnerabilities
Software vendors usually prioritize their bug remediation based on ease of their exploitation.
However, accurately determining exploitability typically takes tremendous hours and …
Dualsc: Automatic generation and summarization of shellcode via transformer and dual learning
A shellcode is a small piece of code and it is executed to exploit a software vulnerability,
which allows the target computer to execute arbitrary commands from the attacker through a …
GREBE: Unveiling exploitation potential for Linux kernel bugs
Nowadays, dynamic testing tools have significantly expedited the discovery of bugs in the
Linux kernel. When unveiling kernel bugs, they automatically generate reports, specifying …
KOOBE: Towards facilitating exploit generation of kernel Out-Of-Bounds write vulnerabilities
The monolithic nature of modern OS kernels leads to a constant stream of bugs being
discovered. It is often unclear which of these bugs are worth fixing, as only a subset of them …
Slake: Facilitating slab manipulation for exploiting vulnerabilities in the Linux kernel
To determine the exploitability for a kernel vulnerability, a security analyst usually has to
manipulate slab and thus demonstrate the capability of obtaining the control over a program …