{"id":275,"date":"2011-02-16T10:41:10","date_gmt":"2011-02-16T09:41:10","guid":{"rendered":"http:\/\/cerezo.name\/blog\/?p=275"},"modified":"2024-10-14T14:32:14","modified_gmt":"2024-10-14T12:32:14","slug":"automatic-exploit-generation","status":"publish","type":"post","link":"http:\/\/cerezo.name\/blog\/2011\/02\/16\/automatic-exploit-generation\/","title":{"rendered":"Automatic Exploit Generation"},"content":{"rendered":"<p><iframe loading=\"lazy\" title=\"Automatic Exploit Generation\" src=\"http:\/\/www.youtube.com\/embed\/VPe1W7SIdBE\" allowfullscreen=\"allowfullscreen\" width=\"590\" height=\"360\" frameborder=\"0\"><\/iframe><\/p>\n<p style=\"padding-left: 30px; text-align: justify;\"><em>The automatic exploit generation challenge is given a program, automatically find vulnerabilities and generate exploits for them. In this paper we present <span class=\"caps\">AEG<\/span>, the first end-to-end system for fully automatic exploit generation. We used <span class=\"caps\">AEG<\/span> to analyze 14 open-source projects and successfully generated 16 control flow hijacking exploits. Two of the generated exploits (expect\u20115.43 and htget\u20110.93) are zero-day exploits against unknown vulnerabilities. Our contributions are: 1) we show how exploit generation for control flow hijack attacks can be modeled as a formal verification problem, 2) we propose preconditioned symbolic execution, a novel technique for targeting symbolic execution, 3) we present a general approach for generating working exploits once a bug is found, and 4) <strong>we build the first end-to-end system that automatically finds vulnerabilities and generates exploits that produce a shell<\/strong>.<\/em><\/p>\n<p style=\"text-align: justify;\">The first step to automatically search for and exploit the most basic vulnerabilities is done, and incremental improvements will surely follow. While this won\u2019t have a deep impact on the computer security industry, since it\u2019s already full of people exploiting software for free, it will surely have a real impact on the programming world: <strong>right now, all coders not acquainted with secure code-writing skills should be fired<\/strong>. For more information, visit the following link: <a href=\"http:\/\/security.ece.cmu.edu\/aeg\/\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Automatic Exploit Generation.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The automatic exploit generation challenge is given a program, automatically find vulnerabilities and generate exploits for them. In this paper we present <span class=\"caps\">AEG<\/span>, the first end-to-end system for fully automatic exploit generation. We used <span class=\"caps\">AEG<\/span> to analyze 14 open-source projects and successfully generated 16 control flow hijacking exploits. Two of the generated exploits (expect\u20115.43 and&nbsp;[\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"ngg_post_thumbnail":0},"categories":[6],"tags":[],"_links":{"self":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts\/275"}],"collection":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/comments?post=275"}],"version-history":[{"count":14,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts\/275\/revisions"}],"predecessor-version":[{"id":1681,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts\/275\/revisions\/1681"}],"wp:attachment":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/media?parent=275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/categories?post=275"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/tags?post=275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}